PublicDateAtUSN: 2012-02-13
Candidate: CVE-2012-0248
PublicDate: 2012-06-05 22:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0248
 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
 http://www.openwall.com/lists/oss-security/2012/03/19/5
 https://ubuntu.com/security/notices/USN-1435-1
Description:
 ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial
 of service (infinite loop and hang) via a crafted image whose IFD contains
 IOP tags that all reference the beginning of the IDF.
Ubuntu-Description: 
Notes: 
 jdstrand> r6998 is the fix for CVE-2012-1186 which was assigned as an
  incomplete fix for this issue (see oss-sec for more information).
 mdeslaur> see fixes in CVE-2012-0247
Bugs: 
Priority: low
Discovered-by: Joonas Kuorilehto and Aleksis Kauppinen
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_imagemagick:
upstream_imagemagick: released (6.7.5.6)
hardy_imagemagick: ignored (reached end-of-life)
lucid_imagemagick: released (7:6.5.7.8-1ubuntu1.2)
maverick_imagemagick: ignored (reached end-of-life)
natty_imagemagick: released (7:6.6.2.6-1ubuntu4.1)
oneiric_imagemagick: released (8:6.6.0.4-3ubuntu1.1)
precise_imagemagick: released (8:6.6.9.7-5ubuntu3.1)
devel_imagemagick: released (8:6.6.9.7-5ubuntu3.1)