OSVDB ID: 79004

Title: ImageMagick IFD IOP Tag Offset Infinite Loop Image Handling Remote DoS

Info

Disclosure

Feb 03, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Feb 03, 2012

Description

ImageMagick contains a flaw that may allow a remote denial of service. The issue is due to an error when parsing an IFD with IOP tag offsets pointing to the start of the IFD, which causes the application to go into an infinite loop resulting in a loss of availability.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 6.7.5-8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

ImageMagick Studio LLC

ImageMagick

6.7.5-7

References

Security Tracker: 1027032
CVE ID: 2012-0248 (see also: NVD)
Secunia Advisory ID: 47926 48247 48259 49043 49063 49068 49317 49478
Bugtraq ID: 51957
Related OSVDB ID: 79003
Vendor Specific News/Changelog Entry: http://article.gmane.org/gmane.linux.gentoo.announce/1945
http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-0.html
http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13343.html
http://www.debian.org/security/2012/dsa-2427
http://www.ubuntu.com/usn/usn-1435-1/
Other Advisory URL: http://www.cert.fi/en/reports/2012_15/vulnerability595210.html
Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-201203-09.xml
Vendor URL: http://www.imagemagick.org/
Vendor Specific Advisory URL: http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286
RedHat RHSA: RHSA-2012:0544 RHSA-2012:0545

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/79004