Debian Security Advisory
DSA-2427-1 imagemagick -- several vulnerabilities
- Date Reported:
- 06 Mar 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0247, CVE-2012-0248.
- More information:
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images.
When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.
Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.
For the stable distribution (squeeze), these problems have been fixed in version 8:220.127.116.11-3+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:18.104.22.168-6.
We recommend that you upgrade your imagemagick packages.