CVE-2012-0247

Publication date 13 February 2012

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
imagemagick	12.04 LTS precise	Fixed 8:6.6.9.7-5ubuntu3.1
	11.10 oneiric	Fixed 8:6.6.0.4-3ubuntu1.1
	11.04 natty	Fixed 7:6.6.2.6-1ubuntu4.1
	10.10 maverick	Ignored
	10.04 LTS lucid	Fixed 7:6.5.7.8-1ubuntu1.2
	8.04 LTS hardy	Ignored

Notes

mdeslaur

I can't seem to reproduce this...seems to me gcc is doing the right thing when casting short to size_t

jdstrand

r6998 is the fix for CVE-2012-1185 which was assigned as an incomplete fix for this issue (see oss-sec thread).

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
imagemagick	Upstream: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 Upstream: http://trac.imagemagick.org/changeset/6667 Upstream: http://trac.imagemagick.org/changeset/6668 Upstream: http://trac.imagemagick.org/changeset/6676 Upstream: http://trac.imagemagick.org/changeset/6986 Upstream: http://trac.imagemagick.org/changeset/6991 Upstream: http://trac.imagemagick.org/changeset/6994 Upstream: http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c Upstream: http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c

Package

Patch details

imagemagick

Upstream: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
Upstream: http://trac.imagemagick.org/changeset/6667
Upstream: http://trac.imagemagick.org/changeset/6668
Upstream: http://trac.imagemagick.org/changeset/6676
Upstream: http://trac.imagemagick.org/changeset/6986
Upstream: http://trac.imagemagick.org/changeset/6991
Upstream: http://trac.imagemagick.org/changeset/6994
Upstream: http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c
Upstream: http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c

Severity score breakdown

Parameter	Value
Base score	8.8 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

USN-1435-1
ImageMagick vulnerabilities
1 May 2012

CVE-2012-0247

Cvss 3 Severity Score

Status

Notes

Patch details

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references