Computer Security
[EN] securityvulns.ru



CVE: CVE-2012-1186
Status: Candidate
Description: Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
Severity: Medium
CVSS score: 4,3
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Phase: Assigned (14.02.2012)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1186
References:
 BID : 51957
 CONFIRM : http://trac.imagemagick.org/changeset/6998/ImageMa...
 DEBIAN : DSA-2462
 MISC : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-20...
 MLIST : [oss-security] 20120319 Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248
 OSVDB : 80555
 SECUNIA : 47926
 SECUNIA : 48974
 SECUNIA : 49043
 SECUNIA : 49317
 SUSE : openSUSE-SU-2012:0692
 UBUNTU : USN-1435-1
 XF : imagemagick-syncimageprofiles-dos(76139)
SecurityVulns: Imagemagic multiple security vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


