cbcvebase.
CVE-2012-1185
published 2012-06-05

CVE-2012-1185: Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of…

PriorityP346high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
30.90%
98.0th percentile
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

Affected

13 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianimagemagick< imagemagick 8:6.6.9.7-7 (bookworm)imagemagick 8:6.6.9.7-7 (bookworm)
imagemagickimagemagick<= 6.7.5
imagemagickimagemagick>= 0 < 8:6.6.9.7-78:6.6.9.7-7
imagemagickimagemagick>= 0 < 8:6.6.9.7-78:6.6.9.7-7
imagemagickimagemagick>= 0 < 8:6.6.9.7-78:6.6.9.7-7
imagemagickimagemagick>= 0 < 8:6.6.9.7-78:6.6.9.7-7
opensuseopensuse
opensuseopensuse

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.