Lucene search

[email protected]CVE-2012-3437

HistoryAug 07, 2012 - 9:55 p.m.

CVE-2012-3437

2012-08-0721:55:02

[email protected]

web.nvd.nist.gov

imagemagick

denial of service

vulnerability

cve-2012-3437

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.036

Percentile

91.7%

JSON

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Affected configurations

NVD

Node

imagemagickimagemagickMatch6.7.8-6

VendorProductVersionCPE
imagemagickimagemagick6.7.8-6cpe:/a:imagemagick:imagemagick:6.7.8-6:::

Vendor	Product	Version	CPE
imagemagick	imagemagick	6.7.8-6	cpe:/a:imagemagick:imagemagick:6.7.8-6:::

References

lists.opensuse.org/opensuse-updates/2013-03/msg00101.html

secunia.com/advisories/50091

secunia.com/advisories/50398

www.mandriva.com/security/advisories?name=MDVSA-2012:160

www.mandriva.com/security/advisories?name=MDVSA-2013:092

www.securityfocus.com/bid/54714

www.securitytracker.com/id?1027321

www.ubuntu.com/usn/USN-1544-1

bugzilla.redhat.com/show_bug.cgi?id=844101

exchange.xforce.ibmcloud.com/vulnerabilities/77260

wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

Confidence

High

EPSS

0.036

Percentile

91.7%

JSON

Related for CVE-2012-3437

nvd1 prion1 nessus9 openvas9 ubuntucve1 fedora2 securityvulns2 ubuntu1 cvelist1 debiancve1 osv1 debian1