CVE-2012-0247
Publication date 13 February 2012
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
Status
Package | Ubuntu Release | Status |
---|---|---|
imagemagick | 12.04 LTS precise |
Fixed 8:6.6.9.7-5ubuntu3.1
|
11.10 oneiric |
Fixed 8:6.6.0.4-3ubuntu1.1
|
|
11.04 natty |
Fixed 7:6.6.2.6-1ubuntu4.1
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Fixed 7:6.5.7.8-1ubuntu1.2
|
|
8.04 LTS hardy | Ignored end of life |
Notes
Patch details
Package | Patch details |
---|---|
imagemagick |
|
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-1435-1
- ImageMagick vulnerabilities
- 1 May 2012