| Secunia ID | SA47926 |
| CVE-ID | |
| Release Date | 10 Feb 2012 |
| Last Change | 20 Mar 2012 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | ImageMagick 6.x |
| Where | |
| Impact | DoS (Denial of Service): This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System access: This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description | Two vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error when parsing offset and count values within the ResolutionUnit tag in EXIF IFD0 can be exploited to corrupt memory via a specially crafted image. Successful exploitation of this vulnerability may allow execution of arbitrary code. 2) An error when parsing an IFD with IOP tag offsets pointing to the start of the IFD can be exploited to cause an infinite loop via a specially crafted image. The vulnerabilities are reported in versions prior to 6.7.5-8. |
| Solution | Update to version 6.7.5-8. |
| Reported by | The vendor credits Mr. Joonas Kuorilehto and Mr. Aleksis Kauppinen, Codenomicon CROSS project. |
| Original Advisory | http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 |
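
The two checks whose absence the description points to, bounds validation of each entry's count and offset and detection of an IFD pointer that leads back into an IFD already being parsed, are sketched below as an added example; it is not ImageMagick's code or its patch. It applies the checks to every entry rather than only ResolutionUnit, and assumes little-endian data, hypothetical names (`exif_check`, `walk_ifd`), and the standard Exif (0x8769) and Interoperability (0xA005) IFD pointer tags.

```c
#include <stddef.h>
#include <stdint.h>

enum { IFD_OK = 0, IFD_BOUNDS = -1, IFD_LOOP = -2, MAX_IFDS = 8 };
/* Bytes per value for TIFF field types 1..12; index 0 is invalid. */
static const uint8_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }

/* Walk one little-endian IFD at `off`; `seen` records IFDs already entered. */
static int walk_ifd(const uint8_t *buf, size_t len, uint32_t off,
                    uint32_t *seen, int *nseen)
{
    for (int i = 0; i < *nseen; i++)
        if (seen[i] == off) return IFD_LOOP;    /* pointer re-enters an IFD */
    if (*nseen == MAX_IFDS) return IFD_LOOP;    /* hard cap on IFD count */
    seen[(*nseen)++] = off;
    if (len < 2 || off > len - 2) return IFD_BOUNDS;
    uint32_t n = rd16(buf + off);
    if ((uint64_t)off + 2 + (uint64_t)n * 12 > len) return IFD_BOUNDS;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + i * 12;
        uint32_t tag = rd16(e), type = rd16(e + 2);
        uint32_t count = rd32(e + 4), value = rd32(e + 8);
        if (type == 0 || type > 12) return IFD_BOUNDS;
        uint64_t bytes = (uint64_t)count * type_size[type]; /* no 32-bit wrap */
        /* Data over 4 bytes is stored at offset `value` and must fit in buf. */
        if (bytes > 4 && (value > len || bytes > len - value)) return IFD_BOUNDS;
        if (tag == 0x8769 || tag == 0xA005) {   /* Exif / Interop IFD pointer */
            int rc = walk_ifd(buf, len, value, seen, nseen);
            if (rc != IFD_OK) return rc;
        }
    }
    return IFD_OK;
}

/* Validate the IFD tree rooted at `ifd0` before any tag value is read. */
int exif_check(const uint8_t *buf, size_t len, uint32_t ifd0)
{
    uint32_t seen[MAX_IFDS];
    int nseen = 0;
    return walk_ifd(buf, len, ifd0, seen, &nseen);
}

/* Constructed samples: TIFF header, then a one-entry IFD0 at offset 8. */
const uint8_t loop_img[26] = {'I','I',42,0, 8,0,0,0, 1,0, 0x05,0xA0, 4,0, 1,0,0,0, 8,0,0,0};
const uint8_t oob_img[26]  = {'I','I',42,0, 8,0,0,0, 1,0, 0x28,0x01, 3,0, 1,0,0,0x80, 8,0,0,0};
const uint8_t ok_img[26]   = {'I','I',42,0, 8,0,0,0, 1,0, 0x28,0x01, 3,0, 1,0,0,0, 2,0,0,0};
```

`loop_img` carries an Interoperability pointer aimed at IFD0 itself, and `oob_img` gives ResolutionUnit a count whose byte length would wrap to 2 in 32-bit arithmetic; the walker rejects both before any value is dereferenced.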