Debian Security Advisory
DSA-2427-1 imagemagick -- several vulnerabilities
- Date Reported:
- 06 Mar 2012
- Affected Packages:
- imagemagick
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-0247, CVE-2012-0248.
- More information:
-
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images.
- CVE-2012-0247
When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.
- CVE-2012-0248
Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.
For the stable distribution (squeeze), these problems have been fixed in version 8:6.6.0.4-3+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:6.6.9.7-6.
We recommend that you upgrade your imagemagick packages.
- CVE-2012-0247