Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images. CVE-2012-0247 When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address. CVE-2012-0248 Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service. For the stable distribution (squeeze), these problems have been fixed in version 8:6.6.0.4-3+squeeze1. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:6.6.9.7-6. We recommend that you upgrade your imagemagick packages.
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images.
When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.
Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.
For the stable distribution (squeeze), these problems have been fixed in version 8:6.6.0.4-3+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:6.6.9.7-6.
We recommend that you upgrade your imagemagick packages.