Vulnerability Name:

CVE-2012-0259 (CCN-74657)

Assigned:2011-12-21
Published:2012-03-28
Updated:2020-07-31
Summary:The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-125
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-0259

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2012:0692

Source: CCN
Type: RHSA-2012-0544
Moderate: ImageMagick security update

Source: REDHAT
Type: Third Party Advisory
RHSA-2012:0544

Source: CCN
Type: SA48679
ImageMagick Multiple Denial of Service Vulnerabilities

Source: SECUNIA
Type: Broken Link
48679

Source: SECUNIA
Type: Broken Link
48974

Source: SECUNIA
Type: Broken Link
49043

Source: SECUNIA
Type: Broken Link
49063

Source: SECUNIA
Type: Broken Link
49317

Source: CCN
Type: SA55035
Oracle Solaris ImageMagick Multiple Denial of Service Vulnerabilities

Source: SECUNIA
Type: Broken Link
55035

Source: UBUNTU
Type: Third Party Advisory
USN-1435-1

Source: CCN
Type: CERT-FI
CERT-FI Advisory on issues in ImageMagick

Source: MISC
Type: Broken Link
http://www.cert.fi/en/reports/2012/vulnerability635606.html

Source: DEBIAN
Type: Third Party Advisory
DSA-2462

Source: DEBIAN
Type: DSA-2462
imagemagick -- several vulnerabilities

Source: CCN
Type: ImageMagick Web Site
ImageMagick Vulnerabilities

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629

Source: OSVDB
Type: Broken Link
81021

Source: CCN
Type: OSVDB ID: 81021
ImageMagick magick/property.c GetEXIFProperty() Function JPEG EXIF Tag Handling Invalid Memory Access Remote DoS

Source: BID
Type: Third Party Advisory, VDB Entry
52898

Source: CCN
Type: BID-52898
ImageMagick Multiple Denial of Service Vulnerabilities

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1027032

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259

Source: XF
Type: Third Party Advisory, VDB Entry
imagemagick-jpegexif-dos(74657)

Source: XF
Type: UNKNOWN
imagemagick-jpegexif-dos(74657)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:imagemagick:imagemagick:*:*:*:*:*:*:*:* (Version < 6.7.6-3)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

    • Configuration 4:
  • cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:imagemagick:imagemagick:6.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:imagemagick:imagemagick:6.7.6-2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20120259
    V
    		CVE-2012-0259
    2022-05-20
    oval:org.opensuse.security:def:26220
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:42345
    P
    		Security update for libmspack (Low)
    2022-01-13
    oval:org.opensuse.security:def:31715
    P
    		Security update for the Linux Kernel (Important)
    2021-12-06
    oval:org.opensuse.security:def:32225
    P
    		Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:29448
    P
    		Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:26167
    P
    		Security update for php72 (Moderate)
    2021-11-19
    oval:org.opensuse.security:def:26147
    P
    		Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:32181
    P
    		Security update for xen (Important)
    2021-09-06
    oval:org.opensuse.security:def:26118
    P
    		Security update for php72 (Important)
    2021-09-02
    oval:org.opensuse.security:def:26112
    P
    		Security update for sssd (Important)
    2021-08-30
    oval:org.opensuse.security:def:32159
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:31650
    P
    		Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:32122
    P
    		Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31639
    P
    		Security update for freeradius-server (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:31638
    P
    		Security update for caribou (Important)
    2021-06-10
    oval:org.opensuse.security:def:36172
    P
    		libMagickCore1-32bit-6.4.3.6-7.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36359
    P
    		ImageMagick-6.4.3.6-7.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42579
    P
    		libMagickCore1-32bit-6.4.3.6-7.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26065
    P
    		Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:26063
    P
    		Security update for dhcp (Important)
    2021-06-01
    oval:org.opensuse.security:def:31623
    P
    		Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:32092
    P
    		Security update for the Linux Kernel (Important)
    2021-05-18
    oval:org.opensuse.security:def:32071
    P
    		Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:29484
    P
    		Security update for python (Moderate)
    2021-03-16
    oval:org.opensuse.security:def:26206
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:26193
    P
    		Security update for bind (Important)
    2021-02-18
    oval:org.opensuse.security:def:32256
    P
    		Security update for wpa_supplicant (Important)
    2021-02-15
    oval:org.opensuse.security:def:31724
    P
    		Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:32248
    P
    		Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:32120
    P
    		Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:32902
    P
    		Security update for openldap2 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:33096
    P
    		Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:25984
    P
    		Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:32015
    P
    		Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:32005
    P
    		Security update for xen (Important)
    2020-12-07
    oval:org.opensuse.security:def:35938
    P
    		libMagickCore1-32bit-6.4.3.6-7.26.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:32037
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:28373
    P
    		Recommended update for python-setuptools (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32036
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:28316
    P
    		Security update for openssl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32863
    P
    		freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28232
    P
    		Security update for libvirt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28102
    P
    		Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:28038
    P
    		Security update for cracklib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25914
    P
    		Security update for firebird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28027
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:25830
    P
    		Security update for libimobiledevice, usbmuxd (Important)
    2020-12-01
    oval:org.opensuse.security:def:27170
    P
    		libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28026
    P
    		Security update for bind (Important)
    2020-12-01
    oval:org.opensuse.security:def:25773
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:27135
    P
    		gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25692
    P
    		Security update for e2fsprogs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26497
    P
    		Security update for tor (Important)
    2020-12-01
    oval:org.opensuse.security:def:25564
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:31859
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26453
    P
    		Security update for kauth (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25500
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31772
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26439
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:33135
    P
    		libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    		Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:26400
    P
    		Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25488
    P
    		Security update for file-roller (Low)
    2020-12-01
    oval:org.opensuse.security:def:26351
    P
    		Security update for mongodb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32458
    P
    		Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31491
    P
    		Security update for Python
    2020-12-01
    oval:org.opensuse.security:def:26298
    P
    		Security update for mariadb-100 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32414
    P
    		Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31417
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32392
    P
    		Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31406
    P
    		Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32353
    P
    		Security update for squid3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27357
    P
    		ImageMagick on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31405
    P
    		Security update for perl-DBI (Important)
    2020-12-01
    oval:org.opensuse.security:def:26006
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:32304
    P
    		Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:27322
    P
    		x3270 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25925
    P
    		Security update for pcre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26684
    P
    		dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25797
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26640
    P
    		sudo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25733
    P
    		Security update for mgetty (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26626
    P
    		pam_mount on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33536
    P
    		Security update for ImageMagick
    2020-12-01
    oval:org.opensuse.security:def:25722
    P
    		Security update for ovmf (Low)
    2020-12-01
    oval:org.opensuse.security:def:31948
    P
    		Security update for gpg2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26587
    P
    		libgtop on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33497
    P
    		Security update for lvm2, lvm2-clvm, lvm2-clvm-debuginfo, lvm2-clvm-debugsource, lvm2-debuginfo, lvm2-debugsource
    2020-12-01
    oval:org.opensuse.security:def:25721
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31856
    P
    		Security update for cups (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26538
    P
    		e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32859
    P
    		file-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26485
    P
    		Security update for singularity (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32815
    P
    		LibVNCServer on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26334
    P
    		Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:32793
    P
    		system-config-printer on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26250
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32754
    P
    		ntp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32705
    P
    		libarchive2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32649
    P
    		dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28810
    P
    		Security update for postgresql91
    2020-12-01
    oval:org.opensuse.security:def:32493
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28766
    P
    		Security update for libsndfile
    2020-12-01
    oval:org.opensuse.security:def:25920
    P
    		Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32406
    P
    		Security update for wavpack (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28750
    P
    		Security update for libmpfr
    2020-12-01
    oval:org.opensuse.security:def:25909
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:32349
    P
    		Security update for sqlite3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:28711
    P
    		Security update for icu
    2020-12-01
    oval:org.opensuse.security:def:26937
    P
    		libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25908
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:28662
    P
    		Security update for finch
    2020-12-01
    oval:org.opensuse.security:def:26902
    P
    		gd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28609
    P
    		Security update for Xen
    2020-12-01
    oval:org.opensuse.security:def:26264
    P
    		Security update for gegl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32048
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:28457
    P
    		Security update for xen (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:28796
    P
    		DSA-2462-2 -- imagemagick -- several vulnerabilities
    2015-08-17
    oval:org.mitre.oval:def:17311
    P
    		USN-1435-1 -- imagemagick vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:19828
    P
    		DSA-2462-1 imagemagick - several
    2014-06-23
    oval:org.mitre.oval:def:23715
    P
    		ELSA-2012:0544: ImageMagick security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:21390
    P
    		RHSA-2012:0544: ImageMagick security update (Moderate)
    2014-02-24
    oval:com.ubuntu.precise:def:20120259000
    V
    		CVE-2012-0259 on Ubuntu 12.04 LTS (precise) - low.
    2012-06-05
    oval:com.redhat.rhsa:def:20120544
    P
    		RHSA-2012:0544: ImageMagick security update (Moderate)
    2012-05-07
    BACK
    imagemagick imagemagick *
    debian debian linux 6.0
    canonical ubuntu linux 10.04
    canonical ubuntu linux 11.04
    canonical ubuntu linux 11.10
    canonical ubuntu linux 12.04
    opensuse opensuse 11.4
    opensuse opensuse 12.1
    imagemagick imagemagick 6.2.5
    imagemagick imagemagick 6.3.1
    imagemagick imagemagick 6.2.9
    imagemagick imagemagick 6.6.0
    imagemagick imagemagick 6.5.0
    imagemagick imagemagick 6.4.0
    imagemagick imagemagick 6.3.8
    imagemagick imagemagick 6.7.6-2
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6