First published: Tue Jun 05 2012(Updated: )
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
ImageMagick | <=6.7.5-7 | |
Debian Linux | =6.0 | |
Debian Linux | =7.0 | |
Ubuntu | =10.04 | |
Ubuntu | =11.04 | |
Ubuntu | =11.10 | |
Ubuntu | =12.04 | |
Red Hat Storage | =2.0 | |
Red Hat Enterprise Linux Desktop | =5.0 | |
Red Hat Enterprise Linux Desktop | =6.0 | |
Red Hat Enterprise Linux Server EUS | =6.2 | |
Red Hat Enterprise Linux Server | =5.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =6.2 | |
Red Hat Enterprise Linux Server | =6.2 | |
Red Hat Enterprise Linux Workstation | =5.0 | |
Red Hat Enterprise Linux Workstation | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-0247 has a severity rating that indicates a denial of service and potential for arbitrary code execution.
To fix CVE-2012-0247, update ImageMagick to a version later than 6.7.5-7.
CVE-2012-0247 can facilitate denial of service attacks and may allow attackers to execute arbitrary code.
CVE-2012-0247 affects ImageMagick version 6.7.5-7 and earlier, as well as specific versions of Debian and Ubuntu Linux.
Yes, CVE-2012-0247 can be exploited by remote attackers through crafted images.