CVE-2012-0260 — Uncontrolled Resource Consumption in Imagemagick

CWE-400 — Uncontrolled Resource Consumption9 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

1.9%

top 16.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Canonical Ubuntu Linux Debian Linux +8 more

Timeline

PublishedJun 5

Latest updateMay 4

Description

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶NVDimagemagick/imagemagick< 6.7.6-3

▶Debianimagemagick/imagemagick< 8:6.7.4.0-4+3

▶NVDredhat/storage2.0

▶NVDopensuse/opensuse11.4, 12.1+1

▶NVDredhat/enterprise_linux_server5.0, 6.0+1

Also affects: Debian Linux 6.0, Ubuntu Linux 12.04, 12.10, 13.10, Enterprise Linux 6.2

Patches

Patch: www.imagemagick.org ↗Patch: www.securityfocus.com ↗Patch: www.imagemagick.org ↗

🔴Vulnerability Details

GHSA

GHSA-xqm6-6gwm-hwpw: The JPEGWarningHandler function in coders/jpeg↗2022-05-04

▶

OSV

CVE-2012-0260: The JPEGWarningHandler function in coders/jpeg↗2012-06-05

▶

CVEList

CVE-2012-0260: The JPEGWarningHandler function in coders/jpeg↗2012-06-05

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerabilities↗2014-03-06

▶

Red Hat

ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers↗2012-03-28

▶

Debian

CVE-2012-0260: imagemagick - The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 a...↗2012

▶

💬Community

Bugzilla

CVE-2012-0260 ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers↗2012-03-29

▶

Bugzilla

CVE-2012-0259 CVE-2012-0260 CVE-2012-1798 ImageMagick various flaws [fedora-all]↗2012-03-29

▶