Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3437

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3437
Last Modified 11 Feb 2014 11:37:57
Published 07 Aug 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3437

Summary

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Vulnerable Systems

Application

  • Imagemagick 6.7.8-6


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=844101

XF - imagemagick-png-dos(77260)

SECTRACK - 1027321

BID - 54714

SECUNIA - 50091

UBUNTU - USN-1544-1

SECUNIA - 50398

MANDRIVA - MDVSA-2012:160

SUSE - openSUSE-SU-2013:0535

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243

MANDRIVA - MDVSA-2013:092


Last Updated: 27 May 2016 10:42:38