Out-of-bounds Read in ImageMagick
CVE-2012-1798
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
Vulnerability class: Buffer Overflow
EPSS: 0.014 (80.9th percentile)
CVSS v3 metrics
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (network-reachable, low complexity, no privileges, user interaction required, high availability impact only).
Affected products
- ImageMagick
- Debian Linux, version 6.0
- openSUSE, versions 11.4 and 12.1
- Red Hat Enterprise Linux Desktop, version 6.0
- Red Hat Enterprise Linux EUS, version 6.2
- Red Hat Enterprise Linux Server, version 6.0
- Red Hat Enterprise Linux Server AUS, version 6.2
- Red Hat Enterprise Linux Server EUS, version 6.2
- Red Hat Enterprise Linux Workstation, version 6.0
- Red Hat Storage, version 2.0
Weakness classification (CWE)
References
- Secunia 55035 (third-party advisory, marked Not Applicable)
- X-Force imagemagick-tiffexififd-dos(74659) (third-party advisory, VDB entry)
- Secunia 49068 (third-party advisory, marked Not Applicable)
- openSUSE-SU-2012:0692 (SUSE vendor advisory, mailing list)
- OSVDB 81023 (VDB entry, broken link)
- DSA-2462 (Debian vendor advisory)
- Secunia 49063 (third-party advisory, marked Not Applicable)
- BID 52898 (third-party advisory, VDB entry)
- RHSA-2012:0544 (Red Hat vendor advisory)
- Secunia 48974 (third-party advisory, marked Not Applicable)
Frequently asked questions
- What is CVE-2012-1798?
- CVE-2012-1798 is a medium-severity vulnerability in ImageMagick, classified as an Out-of-bounds Read. CVSS score: 6.5/10. Published 2012-06-05.
- How severe is CVE-2012-1798?
- Medium severity. CVSS v3 base score is 6.5 out of 10.