mailing list archives
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478
From: Vincent Danen <vdanen () redhat com>
Date: Fri, 10 Feb 2012 11:58:28 -0700
* [2012-02-10 11:51:57 -0700] Vincent Danen wrote:
* [2012-02-10 13:36:24 +0200] Henri Salo wrote:
Concerning ImageMagick 6.7.5-0 and earlier:
CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in
EXIF IFD0, ImageMagick copies two bytes into an invalid address.
CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the
beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing a denial of service.
For more details please read: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
CERT-FI: http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-021.html (finnish)
Reported to Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659339
Do we know when this was introduced? At a quick glance here, I don't
see magick/property.c in 6.2.8, but I do see it in 6.6.5, so somewhere
between those two versions that file and functionality was added.
Sorry, I do see it in 6.5.4 as well, so between 6.2.8 and 6.5.4.
Vincent Danen / Red Hat Security Response Team