oss-sec mailing list archives
imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478
From: Henri Salo <henri () nerv fi>
Date: Fri, 10 Feb 2012 13:36:24 +0200
Concerning ImageMagick 6.7.5-0 and earlier: CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes into an invalid address. CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing a denial of service. For more details please read: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 CERT-FI: http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-021.html (finnish) Reported to Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659339 - Henri Salo
Current thread:
- imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Henri Salo (Feb 10)
- Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
- Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
- Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)