CVE-2012-3437

Published: 7 August 2012

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Notes

Author	Note
tyhicks	png_IM_malloc() in older releases

Priority

Status

Package	Release	Status
imagemagick Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (7:6.5.7.8-1ubuntu1.3)
	natty	Released (7:6.6.2.6-1ubuntu4.2)
	oneiric	Released (8:6.6.0.4-3ubuntu1.2)
	precise	Released (8:6.6.9.7-5ubuntu3.2)
	upstream	Released (8:6.7.7.10-3)
	Patches: upstream: http://trac.imagemagick.org/changeset/8733/ImageMagick/trunk/coders/png.c

References

http://xforce.iss.net/xforce/xfdb/77260
http://www.securitytracker.com/id?1027321
http://secunia.com/advisories/50091
https://ubuntu.com/security/notices/USN-1544-1
https://www.cve.org/CVERecord?id=CVE-2012-3437
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683285
https://bugzilla.redhat.com/show_bug.cgi?id=844101

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›