Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3438

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3438
Last Modified 04 Jun 2013 11:35:51
Published 07 Aug 2012 05:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3438

Summary

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Vulnerable Systems

Application

  • Graphicsmagick 1.3.16


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=844105

XF - graphicsmagick-png-dos(77259)

BID - 54716

SECUNIA - 50090

CONFIRM - http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2

MANDRIVA - MDVSA-2012:165

SUSE - openSUSE-SU-2013:0536


Last Updated: 27 May 2016 10:55:02