[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-3437Date: (C)2012-08-07   (M)2023-12-22


The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1027321
SECUNIA-50091
SECUNIA-50398
BID-54714
MDVSA-2012:160
MDVSA-2013:092
USN-1544-1
https://bugzilla.redhat.com/show_bug.cgi?id=844101
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243
imagemagick-png-dos(77260)
openSUSE-SU-2013:0535

CPE    1
cpe:/a:imagemagick:imagemagick:6.7.8-6
OVAL    5
oval:org.secpod.oval:def:302969
oval:org.secpod.oval:def:104102
oval:org.secpod.oval:def:700977
oval:org.secpod.oval:def:104101
...

© SecPod Technologies