CVE-2012-0260

Current Description

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Basic Data

Published: June 05, 2012
Last Modified: July 31, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-400
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
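    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Imagemagick | Imagemagick | * | * | * | * | * | * | * | * | | | | 6.7.6-3 |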
  • OR - Configuration 2
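    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.04 | * | * | * | esm | * | * | * | | | | |
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Canonical | Ubuntu Linux | 13.10 | * | * | * | * | * | * | * | | | | |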
  • OR - Configuration 3
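    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Debian | Debian Linux | 6.0 | * | * | * | * | * | * | * | | | | |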
  • OR - Configuration 4
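    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Storage | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Aus | 6.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Eus | 6.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Server Eus | 6.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 6.0 | * | * | * | * | * | * | * | | | | |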
  • OR - Configuration 5
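    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | OS | Opensuse | Opensuse | 11.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Opensuse | Opensuse | 12.1 | * | * | * | * | * | * | * | | | | |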

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Imagemagick | Imagemagick | * |
| Debian | Debian Linux | 6.0 |
| Canonical | Ubuntu Linux | 12.04, 12.10, 13.10 |
| Redhat | Enterprise Linux Workstation | 5.0, 6.0 |
| Redhat | Enterprise Linux Eus | 6.2 |
| Redhat | Enterprise Linux Desktop | 5.0, 6.0 |
| Redhat | Storage | 2.0 |
| Redhat | Enterprise Linux Aus | 6.2 |
| Redhat | Enterprise Linux Server Eus | 6.2 |
| Redhat | Enterprise Linux Server | 5.0, 6.0 |
| Opensuse | Opensuse | 11.4, 12.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| openSUSE-SU-2012:0692 | SUSE | http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html | Mailing List, Third Party Advisory |
| RHSA-2012:0544 | REDHAT | http://rhn.redhat.com/errata/RHSA-2012-0544.html | Third Party Advisory |
| RHSA-2012:0545 | REDHAT | http://rhn.redhat.com/errata/RHSA-2012-0545.html | Third Party Advisory |
| 48974 | SECUNIA | http://secunia.com/advisories/48974 | Broken Link |
| 49063 | SECUNIA | http://secunia.com/advisories/49063 | Broken Link |
| 49068 | SECUNIA | http://secunia.com/advisories/49068 | Broken Link |
| 49317 | SECUNIA | http://secunia.com/advisories/49317 | Broken Link |
| 55035 | SECUNIA | http://secunia.com/advisories/55035 | Broken Link |
| 57224 | SECUNIA | http://secunia.com/advisories/57224 | Broken Link |
| http://www.cert.fi/en/reports/2012/vulnerability635606.html | MISC | http://www.cert.fi/en/reports/2012/vulnerability635606.html | Broken Link |
| DSA-2462 | DEBIAN | http://www.debian.org/security/2012/dsa-2462 | Third Party Advisory |
| http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 | CONFIRM | http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 | Issue Tracking, Patch, Vendor Advisory |
| 81022 | OSVDB | http://www.osvdb.org/81022 | Broken Link |
| 52898 | BID | http://www.securityfocus.com/bid/52898 | Patch, Third Party Advisory, VDB Entry |
| 1027032 | SECTRACK | http://www.securitytracker.com/id?1027032 | Third Party Advisory, VDB Entry |
| USN-2132-1 | UBUNTU | http://www.ubuntu.com/usn/USN-2132-1 | Third Party Advisory |
| imagemagick-jpegwarninghandler-dos(74658) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/74658 | Third Party Advisory, VDB Entry |