Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2012-06-05 15:55
Updated : 2023-02-12 20:33
NVD link : CVE-2012-1185
Mitre link : CVE-2012-1185
JSON object : View
CWE
CWE-190
Integer Overflow or Wraparound
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
opensuse
- opensuse
imagemagick
- imagemagick