CVE-2012-3437

Priority
Medium
Description
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does
not use the proper variable type for the allocation size, which might allow
remote attackers to cause a denial of service (crash) via a crafted PNG
file that triggers incorrect memory allocation.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3437
http://xforce.iss.net/xforce/xfdb/77260
http://www.securitytracker.com/id?1027321
http://secunia.com/advisories/50091
http://www.ubuntu.com/usn/usn-1544-1
Bugs
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683285
https://bugzilla.redhat.com/show_bug.cgi?id=844101
Notes
tyhicks> png_IM_malloc() in older releases
Assigned-to
jdstrand
Package
Source: imagemagick (LP Ubuntu Debian)
Upstream:released (8:6.7.7.10-3)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (7:6.5.7.8-1ubuntu1.3)
Ubuntu 11.04 (Natty Narwhal):released (7:6.6.2.6-1ubuntu4.2)
Ubuntu 11.10 (Oneiric Ocelot):released (8:6.6.0.4-3ubuntu1.2)
Ubuntu 12.04 LTS (Precise Pangolin):released (8:6.6.9.7-5ubuntu3.2)
Ubuntu 12.10 (Quantal Quetzal):released (8:6.7.7.10-2ubuntu4)
Patches:
Upstream:http://trac.imagemagick.org/changeset/8733/ImageMagick/trunk/coders/png.c
More Information

Valid XHTML 1.0 Strict

Updated: 2012-08-22 16:14:33 UTC (commit 5653)