ImageMagick Multiple Denial Of Service Vulnerabilities - 01 June13 (Windows) Network Vulnerability

Summary

The host is installed with ImageMagick and is prone to multiple denial of service Vulnerabilities.

Impact

Successful exploitation will allow a context-dependent attacker to cause denial of service result in loss of availability for the application. Impact Level: Application

Solution

Upgrade to ImageMagick version 6.7.6-3 or later. http://www.imagemagick.org/script/download.php

Insight

Multiple flaw are due to an, - Improper handling of JPEG restart markers of the 'JPEGWarningHandler()' function in coders/jpeg.c - Improper handling a JPEG EXIF tag of the 'GetEXIFProperty()' function in magick/property.c - Error occurs when parsing TIFF EXIF IFD of the 'TIFFGetEXIFProperties()' function in coders/tiff.c

Affected

ImageMagick version before 6.7.6-3 on Windows.

References

http://seclists.org/oss-sec/2012/q2/19
http://www.cert.fi/en/reports/2012/vulnerability635606.html
http://www.osvdb.com/81021
http://www.osvdb.com/81022
http://xforce.iss.net/xforce/xfdb/74659

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Tcptrack Command Line Parsing Heap Based Buffer Overflow Vulnerability
Microsoft Internet Explorer Buffer Overflow Vulnerability - Jul09
Simple Web Server Connection Header Buffer Overflow Vulnerability
Ziproxy PNG Image Processing Buffer Overflow Vulnerability
Mereo 'GET' Request Remote Buffer Overflow Vulnerability

ImageMagick Multiple Denial of Service Vulnerabilities - 01 June13 (Windows)

Take action and discover your vulnerabilities