CVE-2012-0247

Published: 05/06/2012 Updated: 31/07/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

ImageMagick 6.7.5-7 and earlier versions allow remote malicious users to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Vulnerable Product

imagemagick imagemagick

debian debian linux 6.0

debian debian linux 7.0

canonical ubuntu linux 10.04

canonical ubuntu linux 11.04

canonical ubuntu linux 11.10

canonical ubuntu linux 12.04

redhat storage 2.0

redhat enterprise linux desktop 5.0

redhat enterprise linux desktop 6.0

redhat enterprise linux eus 6.2

redhat enterprise linux server 5.0

redhat enterprise linux server 6.0

redhat enterprise linux server aus 6.2

redhat enterprise linux server eus 6.2

redhat enterprise linux workstation 5.0

redhat enterprise linux workstation 6.0

Vendor Advisories

ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file ...
Synopsis: Moderate: ImageMagick security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated ImageMagick packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate securi ...
Synopsis: Moderate: ImageMagick security update. Type/Severity: Security Advisory: Moderate. Topic: Updated ImageMagick packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vul ...
Debian Bug report logs - #659339: imagemagick: Invalid validation DoS CVE-2012-0247/CVE-2012-02478. Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon). Reported by: Henri Salo <henri@nerv ...
Debian Bug report logs - #665007: CVE-2012-1185 / CVE-2012-1186: incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248. Package: imagemagick; Maintainer for imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Source for imagemagick is src:imagemagick (PTS, buildd, popcon). Reported ...
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images. CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address. CVE-2012-0248: Parsing a maliciously ...
A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code (CVE-2012-0247). A denial of service flaw was found in the way ImageMa ...