Lucene search

PRIOn knowledge basePRION:CVE-2012-3437

HistoryAug 07, 2012 - 9:55 p.m.

Design/Logic Flaw

2012-08-0721:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.4%

JSON

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

CPENameOperatorVersion
imagemagickeq6.7.8-6

CPE	Name	Operator	Version
	imagemagick	eq	6.7.8-6

References

lists.opensuse.org/opensuse-updates/2013-03/msg00101.html

secunia.com/advisories/50091

secunia.com/advisories/50398

www.mandriva.com/security/advisories?name=MDVSA-2012:160

www.mandriva.com/security/advisories?name=MDVSA-2013:092

www.securityfocus.com/bid/54714

www.securitytracker.com/id?1027321

www.ubuntu.com/usn/USN-1544-1

bugzilla.redhat.com/show_bug.cgi?id=844101

exchange.xforce.ibmcloud.com/vulnerabilities/77260

wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.036 Low

EPSS

Percentile

91.4%

JSON

Related for PRION:CVE-2012-3437