CVE-2012-3438

GraphicsMagick - Denial of Service via Crafted PNG File

Title source: llm
STIX 2.1

Description

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

References (7)

Core 7
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:165
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50090
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77259
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54716

Scores

EPSS 0.0247
EPSS Percentile 82.6%

Details

CWE
CWE-119
Status published
Products (1)
graphicsmagick/graphicsmagick 1.3.16
Published Aug 07, 2012
Tracked Since Feb 18, 2026