Lucene search

[email protected]CVE-2012-3438

HistoryAug 07, 2012 - 9:55 p.m.

CVE-2012-3438

2012-08-0721:55:02

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-3438

graphicsmagick

denial of service

crash

memory allocation

png

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Affected configurations

NVD

Node

graphicsmagickgraphicsmagickMatch1.3.16

CPENameOperatorVersion
graphicsmagick:graphicsmagickgraphicsmagickeq1.3.16

CPE	Name	Operator	Version
graphicsmagick:graphicsmagick	graphicsmagick	eq	1.3.16

References

graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2

lists.opensuse.org/opensuse-updates/2013-03/msg00102.html

secunia.com/advisories/50090

www.mandriva.com/security/advisories?name=MDVSA-2012:165

www.securityfocus.com/bid/54716

bugzilla.redhat.com/show_bug.cgi?id=844105

exchange.xforce.ibmcloud.com/vulnerabilities/77259

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2012-3438

openvas9 nessus9 securityvulns1 fedora3 cvelist1 nvd1 debiancve1 ubuntucve1 prion1 freebsd1