10 Feb 2012
20 Mar 2012
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Two vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) An error when parsing offset and count values within the ResolutionUnit tag in EXIF IFD0 can be exploited to corrupt memory via a specially crafted image.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
2) An error when parsing an IFD with IOP tag offsets pointing to the start of the IFD can be exploited to cause an infinite loop via a specially crafted image.
The vulnerabilities are reported in versions prior to 6.7.5-8.
Update to version 6.7.5-8.
The vendor credits Mr. Joonas Kuorilehto and Mr. Aleksis Kauppinen, Codenomicon CROSS project.