CVE-2012-3437

Severity

43%

Complexity

86%

Confidentiality

48%

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 12 years ago

2012-08-07 21:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

ImageMagick 6.7.8-6

6.7.8-6

References

openSUSE-SU-2013:0535

50091

Vendor Advisory

50398

MDVSA-2012:160

MDVSA-2013:092

54714

1027321

USN-1544-1

https://bugzilla.redhat.com/show_bug.cgi?id=844101

imagemagick-png-dos(77260)

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.