ImageMagick < 6.7.6-4 profile.c Heap-Based Buffer Overflow
Medium Nessus Plugin ID 59371
Synopsis
The remote Windows host contains an application that is affected by a buffer overflow vulnerability.
Description
The remote Windows host is running a version of ImageMagick earlier than 6.7.6-4 and is, therefore, affected by a heap-based buffer overflow vulnerability because the fix for CVE-2012-0259 was incomplete.
The functions 'GetEXIFProperty' and 'SyncImageProfiles' in the file 'magick/profile.c' do not properly validate user-supplied input. This error can cause the application to crash when processing certain 'EXIF' data.
Solution
Upgrade to ImageMagick version 6.7.6-4 or later.
Note that you may need to manually uninstall the vulnerable version from the system.