Lucene search

K

[email protected]NVD:CVE-2012-3438

HistoryAug 07, 2012 - 9:55 p.m.

CVE-2012-3438

2012-08-0721:55:02

CWE-119

[email protected]

web.nvd.nist.gov

2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.029

Percentile

90.9%

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Affected configurations

NVD

Node

graphicsmagickgraphicsmagickMatch1.3.16

References

graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2

lists.opensuse.org/opensuse-updates/2013-03/msg00102.html

secunia.com/advisories/50090

www.mandriva.com/security/advisories?name=MDVSA-2012:165

www.securityfocus.com/bid/54716

bugzilla.redhat.com/show_bug.cgi?id=844105

exchange.xforce.ibmcloud.com/vulnerabilities/77259

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.029

Percentile

90.9%

Related for NVD:CVE-2012-3438

nessus9 openvas9 cvelist1 securityvulns1 fedora3 cve1 prion1 ubuntucve1 debiancve1 freebsd1