CVE-2012-3437 — Imagemagick vulnerability

9 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

3.3%

top 12.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedAug 7

Latest updateMay 17

Description

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.7.7.10-3 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.7.7.10-3+3

▶NVDimagemagick/imagemagick6.7.8-6

🔴Vulnerability Details

GHSA

GHSA-f7f6-4j5g-969q: The Magick_png_malloc function in coders/png↗2022-05-17

▶

OSV

CVE-2012-3437: The Magick_png_malloc function in coders/png↗2012-08-07

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerability↗2012-08-22

▶

Red Hat

ImageMagick: Magick_png_malloc() size argument↗2012-07-27

▶

Debian

CVE-2012-3437: imagemagick - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier ...↗2012

▶

💬Community

Bugzilla

CVE-2012-3437 ImageMagick: Magick_png_malloc() size argument↗2012-07-28

▶

Bugzilla

CVE-2012-3438 GraphicsMagick: png_IM_malloc() size argument↗2012-07-28

▶

Bugzilla

CVE-2012-3437 ImageMagick: Magick_png_malloc() size argument [fedora-all]↗2012-07-28

▶