Vulnerability Name:

CVE-2012-3437 (CCN-77260)

Assigned:2012-07-30
Published:2012-07-30
Updated:2017-08-29
Summary:The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-3437

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0535

Source: CCN
Type: SA50091
ImageMagick PNG Image Parsing Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
50091

Source: SECUNIA
Type: UNKNOWN
50398

Source: CCN
Type: ImageMagick Web site
Introduction to ImageMagick

Source: CCN
Type: ImageMagick SVN Repository
ImageMagick

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2012:160

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2013:092

Source: CCN
Type: OSVDB ID: 84324
ImageMagick PNG Image Handling Casting Error DoS

Source: BID
Type: UNKNOWN
54714

Source: CCN
Type: BID-54714
ImageMagick 'Magick_png_malloc()' Function Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1027321

Source: UBUNTU
Type: UNKNOWN
USN-1544-1

Source: CCN
Type: Red Hat Bugzilla Bug 844101
CVE-2012-3437 ImageMagick: Magick_png_malloc() size argument

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=844101

Source: XF
Type: UNKNOWN
imagemagick-png-dos(77260)

Source: XF
Type: UNKNOWN
imagemagick-png-dos(77260)

Source: CONFIRM
Type: UNKNOWN
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243

Vulnerable Configuration:Configuration 1:
  • cpe:/a:imagemagick:imagemagick:6.7.8-6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:imagemagick:imagemagick:6.7.8-6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20123437
    V
    CVE-2012-3437
    2022-05-20
    oval:org.opensuse.security:def:26220
    P
    Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:42345
    P
    Security update for libmspack (Low)
    2022-01-13
    oval:org.opensuse.security:def:31715
    P
    Security update for the Linux Kernel (Important)
    2021-12-06
    oval:org.opensuse.security:def:32225
    P
    Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:26167
    P
    Security update for php72 (Moderate)
    2021-11-19
    oval:org.opensuse.security:def:26147
    P
    Security update for MozillaFirefox (Important)
    2021-10-15
    oval:org.opensuse.security:def:32181
    P
    Security update for xen (Important)
    2021-09-06
    oval:org.opensuse.security:def:26118
    P
    Security update for php72 (Important)
    2021-09-02
    oval:org.opensuse.security:def:26112
    P
    Security update for sssd (Important)
    2021-08-30
    oval:org.opensuse.security:def:32159
    P
    Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:31650
    P
    Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:31639
    P
    Security update for freeradius-server (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:31638
    P
    Security update for caribou (Important)
    2021-06-10
    oval:org.opensuse.security:def:36359
    P
    ImageMagick-6.4.3.6-7.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42579
    P
    libMagickCore1-32bit-6.4.3.6-7.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36172
    P
    libMagickCore1-32bit-6.4.3.6-7.30.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26065
    P
    Security update for polkit (Important)
    2021-06-03
    oval:org.opensuse.security:def:26063
    P
    Security update for dhcp (Important)
    2021-06-01
    oval:org.opensuse.security:def:31623
    P
    Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:32092
    P
    Security update for the Linux Kernel (Important)
    2021-05-18
    oval:org.opensuse.security:def:32071
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:26206
    P
    Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:26193
    P
    Security update for bind (Important)
    2021-02-18
    oval:org.opensuse.security:def:31724
    P
    Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:32248
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:32120
    P
    Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:32902
    P
    Security update for openldap2 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:33096
    P
    Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:25984
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:32015
    P
    Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:32005
    P
    Security update for xen (Important)
    2020-12-07
    oval:org.opensuse.security:def:35938
    P
    libMagickCore1-32bit-6.4.3.6-7.26.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31491
    P
    Security update for Python
    2020-12-01
    oval:org.opensuse.security:def:25733
    P
    Security update for mgetty (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26937
    P
    libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31948
    P
    Security update for gpg2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26453
    P
    Security update for kauth (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32353
    P
    Security update for squid3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25564
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:26538
    P
    e2fsprogs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33135
    P
    libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31406
    P
    Security update for perl-PlRPC (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27322
    P
    x3270 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25721
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31772
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26264
    P
    Security update for gegl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26006
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26400
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:25920
    P
    Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27170
    P
    libMagickCore1-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:26334
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:32458
    P
    Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25830
    P
    Security update for libimobiledevice, usbmuxd (Important)
    2020-12-01
    oval:org.opensuse.security:def:26640
    P
    sudo on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25797
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26298
    P
    Security update for mariadb-100 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32863
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25908
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26497
    P
    Security update for tor (Important)
    2020-12-01
    oval:org.opensuse.security:def:32392
    P
    Security update for tomcat6 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25692
    P
    Security update for e2fsprogs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26587
    P
    libgtop on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31417
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27357
    P
    ImageMagick on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25722
    P
    Security update for ovmf (Low)
    2020-12-01
    oval:org.opensuse.security:def:31859
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26902
    P
    gd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31856
    P
    Security update for cups (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26439
    P
    Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:32304
    P
    Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:25500
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26485
    P
    Security update for singularity (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31405
    P
    Security update for perl-DBI (Important)
    2020-12-01
    oval:org.opensuse.security:def:25914
    P
    Security update for firebird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26684
    P
    dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25925
    P
    Security update for pcre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26351
    P
    Security update for mongodb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25909
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:27135
    P
    gmime on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25488
    P
    Security update for file-roller (Low)
    2020-12-01
    oval:org.opensuse.security:def:26250
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32414
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25773
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26626
    P
    pam_mount on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:17646
    P
    USN-1544-1 -- imagemagick vulnerability
    2014-07-07
    oval:com.ubuntu.precise:def:20123437000
    V
    CVE-2012-3437 on Ubuntu 12.04 LTS (precise) - medium.
    2012-08-07
    BACK
    imagemagick imagemagick 6.7.8-6
    imagemagick imagemagick 6.7.8-6