CVE-2012-3437 (retired)

Priority
Description
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and
earlier does not use the proper variable type for the allocation size,
which might allow remote attackers to cause a denial of service (crash) via
a crafted PNG file that triggers incorrect memory allocation.
Notes
 tyhicks> png_IM_malloc() in older releases
Assigned-to
jdstrand
Package
Upstream:released (8:6.7.7.10-3)
Ubuntu 12.04 ESM (Precise Pangolin):released (8:6.7.7.10-2ubuntu4)
Patches:
Upstream:http://trac.imagemagick.org/changeset/8733/ImageMagick/trunk/coders/png.c
More Information

Updated: 2019-03-26 12:02:59 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)