CVE-2012-0248Infinite Loop in Imagemagick

CWE-835Infinite Loop12 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 47.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
ImagemagickCanonical Ubuntu LinuxDebian Linux+7 more
Timeline
PublishedJun 5
Latest updateMay 4

Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

Debianimagemagick/imagemagick< 8:6.6.9.7-6+3

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 11.04, 11.10, 12.04, Enterprise Linux 6.2

Patches

Patch: www.imagemagick.orgPatch: www.imagemagick.org

🔴Vulnerability Details

3
GHSA
GHSA-jxh3-f5j5-g9vq: ImageMagick 62022-05-04
OSV
CVE-2012-0248: ImageMagick 62012-06-05
CVEList
CVE-2012-0248: ImageMagick 62012-06-05

📋Vendor Advisories

4
Ubuntu
ImageMagick vulnerabilities2012-05-01
Red Hat
ImageMagick: Incorrect fix for CVE-2012-02482012-03-19
Red Hat
ImageMagick: invalid validation of images denial of service2012-02-03
Debian
CVE-2012-0248: imagemagick - ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of ser...2012

💬Community

4
Bugzilla
CVE-2012-1186: ImageMagick: Incorrect fix for CVE-2012-02482012-03-19
Bugzilla
CVE-2012-0247 CVE-2012-0248 ImageMagick: invalid validation of images denial of service [fedora-all]2012-02-24
Bugzilla
CVE-2012-0247 CVE-2012-0248 ImageMagick: invalid validation of images denial of service [fedora-all]2012-02-23
Bugzilla
CVE-2012-0247 CVE-2012-0248 ImageMagick: invalid validation of images denial of service2012-02-10
CVE-2012-0248 — Infinite Loop in Imagemagick | cvebase