Summary
ImageMagick is installed on the host and is prone to multiple denial-of-service vulnerabilities.
Impact
Successful exploitation will allow a context-dependent attacker to cause a denial of service, resulting in loss of availability for the application.
Impact Level: Application
Solution
Upgrade to ImageMagick version 6.7.5-8 or later.
http://www.imagemagick.org/script/download.php
Insight
The flaws are due to:
- An error when parsing an IFD with IOP tag offsets pointing to the start of the IFD.
- Improper sanitization of user-supplied input when parsing offset and count values of the ResolutionUnit tag in EXIF IFD0.
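As an added illustration (not code from this advisory or from ImageMagick), the following pre-screening check walks the IFD tree of an EXIF/TIFF payload and reports both conditions described above: a sub-IFD pointer that leads back to an already-parsed IFD, and a tag whose count and offset fall outside the buffer. The function names and the constructed sample buffer are assumptions for this example, and the check follows only sub-IFD pointer tags, not the next-IFD chain.

```python
import struct

# Standard TIFF/EXIF tags whose value is an offset to a sub-IFD.
POINTER_TAGS = {0x8769: "ExifIFD", 0x8825: "GPSIFD", 0xA005: "InteropIFD"}
# Byte size per TIFF field type (BYTE, ASCII, SHORT, LONG, RATIONAL, ...).
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}

def check_tiff_ifds(buf):
    """Walk the IFD tree of an EXIF/TIFF payload; return a list of findings."""
    if len(buf) < 8 or buf[:2] not in (b"II", b"MM"):
        return ["not a TIFF header"]
    e = "<" if buf[:2] == b"II" else ">"          # byte order marker
    findings, seen = [], set()
    queue = [("IFD0", struct.unpack_from(e + "I", buf, 4)[0])]
    while queue:
        name, off = queue.pop()
        if off in seen:                            # pointer back into a parsed IFD
            findings.append(f"{name}: offset {off} points to an already-parsed IFD")
            continue
        seen.add(off)
        if off + 2 > len(buf):
            findings.append(f"{name}: offset {off} is outside the buffer")
            continue
        (n,) = struct.unpack_from(e + "H", buf, off)
        if off + 2 + 12 * n > len(buf):
            findings.append(f"{name}: {n} entries do not fit in the buffer")
            continue
        for i in range(n):
            tag, typ, count, value = struct.unpack_from(e + "HHII", buf, off + 2 + 12 * i)
            if tag in POINTER_TAGS:
                queue.append((POINTER_TAGS[tag], value))
            elif typ not in TYPE_SIZE:
                findings.append(f"{name}: tag 0x{tag:04X} has unknown type {typ}")
            elif TYPE_SIZE[typ] * count > 4 and value + TYPE_SIZE[typ] * count > len(buf):
                findings.append(f"{name}: tag 0x{tag:04X} count/offset exceed the buffer")
    return findings

def build_sample(ru_count, iop_target):
    """Constructed little-endian sample: IFD0 at 8, Exif IFD at 38, Interop IFD at 56."""
    ifd0 = struct.pack("<HHHIIHHIII", 2, 0x0128, 3, ru_count, 2, 0x8769, 4, 1, 38, 0)
    exif = struct.pack("<HHHIII", 1, 0xA005, 4, 1, iop_target, 0)
    return b"II*\x00" + struct.pack("<I", 8) + ifd0 + exif + struct.pack("<HI", 0, 0)

if __name__ == "__main__":
    for label, sample in [("well-formed", build_sample(1, 56)),
                          ("IOP loop", build_sample(1, 38)),
                          ("bad ResolutionUnit count", build_sample(0x10000000, 56))]:
        print(label, "->", check_tiff_ifds(sample) or "no findings")
```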
Affected
ImageMagick version 6.7.5-7 and earlier on Windows.
Classification
CVE: CVE-2012-0247, CVE-2012-0248
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C