CVE-2012-0248

Publication date 13 February 2012

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
imagemagick	12.04 LTS precise	Fixed 8:6.6.9.7-5ubuntu3.1
	11.10 oneiric	Fixed 8:6.6.0.4-3ubuntu1.1
	11.04 natty	Fixed 7:6.6.2.6-1ubuntu4.1
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Fixed 7:6.5.7.8-1ubuntu1.2
	8.04 LTS hardy	Ignored end of life

Notes

jdstrand

r6998 is the fix for CVE-2012-1186 which was assigned as an incomplete fix for this issue (see oss-sec for more information).

mdeslaur

see fixes in CVE-2012-0247

Severity score breakdown

Parameter	Value
Base score	5.5 · Medium
Attack vector	Local
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-1435-1
ImageMagick vulnerabilities
1 May 2012