Resource exhaustion in ImageMagick
CVE-2012-0260
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
Vulnerability class: DoS (Denial of Service)
EPSS: 0.019 (83.8th percentile)
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
Affected products
- ImageMagick (versions before 6.7.6-3)
- Canonical Ubuntu Linux 12.04, 12.10, 13.10
- Debian Linux 6.0
- openSUSE 11.4, 12.1
- Red Hat Enterprise Linux AUS 6.2
- Red Hat Enterprise Linux Desktop 5.0, 6.0
- Red Hat Enterprise Linux EUS 6.2
- Red Hat Enterprise Linux Server 5.0, 6.0
- Red Hat Enterprise Linux Server EUS 6.2
- Red Hat Enterprise Linux Workstation 5.0, 6.0
Weakness classification (CWE)
- CWE-400: Uncontrolled Resource Consumption
References
- 55035 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- 49068 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- imagemagick-jpegwarninghandler-dos(74658) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- openSUSE-SU-2012:0692 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- 57224 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- USN-2132-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- DSA-2462 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- 49063 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
- 52898 (Patch, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- RHSA-2012:0544 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
Frequently asked questions
- What is CVE-2012-0260?
- CVE-2012-0260 is a medium-severity vulnerability in ImageMagick, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2012-06-05.
- How severe is CVE-2012-0260?
- Medium severity. CVSS v3 base score is 6.5 out of 10.