CVE-2012-0247

high

Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

References

Advisories
More

http://www.securitytracker.com/id?1027032

http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml

http://www.debian.org/security/2012/dsa-2427

http://ubuntu.com/usn/usn-1435-1

http://rhn.redhat.com/errata/RHSA-2012-0545.html

http://rhn.redhat.com/errata/RHSA-2012-0544.html

http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

Details

Source: Mitre, NVD

Published: 2012-06-05

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.04983

Detections

Analytics