Debian Security Advisory DSA-2427-1 email@example.com http://www.debian.org/security/ Florian Weimer March 06, 2012 http://www.debian.org/security/faq
Package : imagemagick Vulnerability : several Problem type : local CVE ID : CVE-2012-0247 CVE-2012-0248
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images:
CVE-2012-0247 When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.
CVE-2012-0248 Parsing a maliciously crafted image with an IFD whose all IOP tags value offsets point to the beginning of the IFD itself results in an endless loop and a denial of service.
For the stable distribution (squeeze), these problems have been fixed in version 8:22.214.171.124-3+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 8:126.96.36.199-6.
We recommend that you upgrade your imagemagick packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/
Mailing list: firstname.lastname@example.org