CVE-2012-1798: The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and…

medium6.5CVSS 3.1

AVNACLPRNUIRSUCNINAH

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	imagemagick	< imagemagick 8:6.7.4.0-4 (bookworm)	imagemagick 8:6.7.4.0-4 (bookworm)
imagemagick	imagemagick	< 6.7.6-3	6.7.6-3
imagemagick	imagemagick	>= 0 < 8:6.7.4.0-4	8:6.7.4.0-4
imagemagick	imagemagick	>= 0 < 8:6.7.4.0-4	8:6.7.4.0-4
imagemagick	imagemagick	>= 0 < 8:6.7.4.0-4	8:6.7.4.0-4
imagemagick	imagemagick	>= 0 < 8:6.7.4.0-4	8:6.7.4.0-4
opensuse	opensuse	—	—
opensuse	opensuse	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_workstation	—	—
redhat	storage	—	—

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv6.5MEDIUM