ImageMagick Multiple Denial Of Service Vulnerabilities - 02 June13 (Windows) Network Vulnerability

Summary

The host is installed with ImageMagick and is prone to multiple denial of service Vulnerabilities.

Impact

Successful exploitation will allow a context-dependent attacker to cause denial of service result in loss of availability for the application. Impact Level: Application

Solution

Upgrade to ImageMagick version 6.7.5-8 or later. http://www.imagemagick.org/script/download.php

Insight

Multiple flaw is due to, - Error when parsing an IFD with IOP tag offsets pointing to the start of the IFD. - Improper sanitation of user supplied input when parsing offset and count values of the ResolutionUnit tag in EXIF IFD0.

Affected

ImageMagick version 6.7.5-7 and earlier on Windows.

References

http://securitytracker.com/id?1027032
http://www.cert.fi/en/reports/2012_15/vulnerability595210.html
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
http://www.osvdb.com/79003
http://www.osvdb.com/79004

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0247, CVE-2012-0248
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Alleycode HTML Editor Buffer Overflow Vulnerabilities
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
Adobe Flash Player Buffer Overflow Vulnerability (Linux)
Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
Apache mod_proxy content-length buffer overflow

ImageMagick Multiple Denial of Service Vulnerabilities - 02 June13 (Windows)

Take action and discover your vulnerabilities