CVE-2012-0247Improper Input Validation in Imagemagick

CWE-20Improper Input Validation13 documents8 sources
Severity
8.8HIGHNVD
EPSS
4.2%
top 11.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
ImagemagickCanonical Ubuntu LinuxDebian Linux+7 more
Timeline
PublishedJun 5
Latest updateMay 4

Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

Debianimagemagick/imagemagick< 8:6.6.9.7-6+3

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 11.04, 11.10, 12.04, Enterprise Linux 6.2

Patches

Patch: www.imagemagick.orgPatch: www.imagemagick.org

🔴Vulnerability Details

3
GHSA
GHSA-v335-7263-364v: ImageMagick 62022-05-04
OSV
CVE-2012-0247: ImageMagick 62012-06-05
CVEList
CVE-2012-0247: ImageMagick 62012-06-05

📋Vendor Advisories

5
Red Hat
Keystone: denial of service through invalid token requests2013-02-05
Ubuntu
ImageMagick vulnerabilities2012-05-01
Red Hat
ImageMagick: Incorrect fix for CVE-2012-02472012-03-19
Red Hat
ImageMagick: invalid validation of images denial of service2012-02-03
Debian
CVE-2012-0247: imagemagick - ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of ser...2012

💬Community

4
Bugzilla
CVE-2012-1185: ImageMagick: Incorrect fix for CVE-2012-02472012-03-19
Bugzilla
CVE-2012-0247 CVE-2012-0248 ImageMagick: invalid validation of images denial of service [fedora-all]2012-02-24
Bugzilla
CVE-2012-0247 CVE-2012-0248 ImageMagick: invalid validation of images denial of service [fedora-all]2012-02-23
Bugzilla
CVE-2012-0247 CVE-2012-0248 ImageMagick: invalid validation of images denial of service2012-02-10
CVE-2012-0247 — Improper Input Validation | cvebase