Lucene search

[email protected]CVE-2012-0260

HistoryJun 05, 2012 - 10:55 p.m.

CVE-2012-0260

2012-06-0522:55:07

CWE-400

[email protected]

web.nvd.nist.gov

imagemagick

jpeg

coders

jpegwarninghandler

denial of service

memory consumption

cve-2012-0260

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Affected configurations

NVD

Node

imagemagickimagemagickRange<6.7.6-3

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

Node

debiandebian_linuxMatch6.0

Node

redhatstorageMatch2.0

redhatenterprise_linux_ausMatch6.2

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.2

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_eusMatch6.2

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch11.4

opensuseopensuseMatch12.1

CPENameOperatorVersion
imagemagick:imagemagickimagemagicklt6.7.6-3

CPE	Name	Operator	Version
imagemagick:imagemagick	imagemagick	lt	6.7.6-3

References

lists.opensuse.org/opensuse-updates/2012-06/msg00001.html

rhn.redhat.com/errata/RHSA-2012-0544.html

rhn.redhat.com/errata/RHSA-2012-0545.html

secunia.com/advisories/48974

secunia.com/advisories/49063

secunia.com/advisories/49068

secunia.com/advisories/49317

secunia.com/advisories/55035

secunia.com/advisories/57224

www.cert.fi/en/reports/2012/vulnerability635606.html

www.debian.org/security/2012/dsa-2462

www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629

www.osvdb.org/81022

www.securityfocus.com/bid/52898

www.securitytracker.com/id?1027032

www.ubuntu.com/usn/USN-2132-1

exchange.xforce.ibmcloud.com/vulnerabilities/74658

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2012-0260

nvd1 debiancve1 prion1 cvelist1 ubuntucve1 openvas24 nessus19 freebsd1 redhat2 securityvulns4 centos2 ubuntu1 debian2 amazon1 oraclelinux2