CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2012-0259 – ImageMagick: Out-of heap-based buffer read by processing crafted JPEG EXIF header tag value
https://notcve.org/view.php?id=CVE-2012-0259
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. La función GetEXIFProperty en magick/property.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un valor cero en el número de componentes de una etiqueta EXIF Xresolution en un archivo JPEG, lo que desencadena una lectura fuera de límites. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://secunia.com/advisories/48679 http://secunia.com/advisories/48974 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability635606.html http://www.debian.org/security/2012/dsa-2462 http • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0260 – ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers
https://notcve.org/view.php?id=CVE-2012-0260
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. La función de JPEGWarningHandler en coders/jpeg.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una imagen JPEG con una secuencia de marcadores de reinicio hecha a mano. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/48974 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://secunia.com/advisories/57224 http://www.cert.fi/en/reports/2012/vulnerability635606.html http://www.debian.org/security/2012&#x • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 8EXPL: 0CVE-2012-1185
https://notcve.org/view.php?id=CVE-2012-1185
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Múltiples desbordamientos de enteros en (1) Magick/profile.c o (2) magick/property.c de ImageMagick v6.7.5 y anteriores permite a atacantes remotos causar una denegación de servicio (por corrupción de memoria) y posiblemente ejecutar código de su elección a través de un valor de desplazamiento modificado en la etiqueta ResolutionUnit en EXIF IFD0 de una imagen. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-0247. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48974 http://secunia.com/advisories/49043 http://secunia.com/advisories/49317 http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c http://ubuntu.com/usn/usn-1435-1 http://www.debian.org/security/2012/dsa-246 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0248 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0248
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo) a través de una imagen hecha a mano, cuya IFD contiene etiquetas IOP que referencian al principio del IDF. • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.8EPSS: 76%CPEs: 17EXPL: 0CVE-2012-0247 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0247
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección a través de desplazamientos (offsets) modificados y contar valores en la etiqueta ResolutionUnit en el EXIF IFD0 de una imagen . • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-20: Improper Input Validation •