CVE-2012-0248

Published: Jun 5, 2012Modified: Apr 29, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Affected (17)

Products: Imagemagick: Imagemagick · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Imagemagick: Imagemagick · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation, Storage

1 product

1 product

1 product

7 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagemagick Imagemagick	Up to 6.7.5-7

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 11.04
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.2
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.2
Redhat Enterprise Linux Server Eus	Version 6.2
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Storage	Version 2.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (32)

http://rhn.redhat.com/errata/RHSA-2012-0544.html

Source: cret@cert.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0545.html

Source: cret@cert.org

Third Party Advisory

http://secunia.com/advisories/47926

Source: cret@cert.org

Broken Link

http://secunia.com/advisories/48247

Source: cret@cert.org

Broken Link

http://secunia.com/advisories/48259

Source: cret@cert.org

Broken Link

http://secunia.com/advisories/49043

Source: cret@cert.org

Broken Link

http://secunia.com/advisories/49063

Source: cret@cert.org

Broken Link

http://secunia.com/advisories/49068

Source: cret@cert.org

Broken Link

http://ubuntu.com/usn/usn-1435-1

Source: cret@cert.org

Third Party Advisory

http://www.cert.fi/en/reports/2012/vulnerability595210.html

Source: cret@cert.org

Broken Link

http://www.debian.org/security/2012/dsa-2427

Source: cret@cert.org

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml

Source: cret@cert.org

Third Party Advisory

http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

Source: cret@cert.org

Issue TrackingPatchVendor Advisory

http://www.osvdb.org/79003

Source: cret@cert.org

Broken Link

http://www.securityfocus.com/bid/51957

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1027032

Source: cret@cert.org

Third Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2012-0544.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0545.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/47926

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/48247

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/48259

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/49043

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/49063

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://secunia.com/advisories/49068

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://ubuntu.com/usn/usn-1435-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.cert.fi/en/reports/2012/vulnerability595210.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.debian.org/security/2012/dsa-2427

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

http://www.osvdb.org/79003

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/bid/51957

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1027032

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.