ImageMagick < 6.7.6-3 Multiple Vulnerabilities
Medium Nessus Plugin ID 59370
SynopsisThe remote Windows host contains an application that is affected by multiple vulnerabilities.
DescriptionThe remote Windows host is running a version of ImageMagick earlier than 6.7.6-3 and is, therefore, affected by the following vulnerabilities :
- An error exists in the function 'GetEXIFProperty' in the file 'magick/property.c' that can cause the application to crash when processing JPEG 'EXIF' data.
- An error exists in the function 'JPEGWarningHandler' in the file 'coders/jpeg.c' that can cause the application to consume large amounts of resources when handling JPEG 'restart' markers. (CVE-2012-0260)
- An error exists in the function 'TIFFGetEXIFProperties' in the file 'coders/tiff.c' that can cause the application crash when processing TIFF 'EXIF' 'IFD' data. (CVE-2012-1798)
SolutionUpgrade to ImageMagick version 6.7.6-3 or later.
Note that you may need to manually uninstall the vulnerable version from the system.