Summary
The host has ImageMagick installed and is prone to multiple denial-of-service vulnerabilities.
Impact
Successful exploitation allows a context-dependent attacker to cause a denial of service, resulting in loss of availability for the application.
Impact Level: Application
Solution
Upgrade to ImageMagick version 6.7.6-3 or later.
http://www.imagemagick.org/script/download.php
Insight
Multiple flaws are due to:
- Improper handling of JPEG restart markers in the 'JPEGWarningHandler()' function in coders/jpeg.c
- Improper handling of a JPEG EXIF tag in the 'GetEXIFProperty()' function in magick/property.c
- An error when parsing the TIFF EXIF IFD in the 'TIFFGetEXIFProperties()' function in coders/tiff.c
Affected
ImageMagick versions before 6.7.6-3 on Windows.
References
Severity
Classification
CVE: CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P