Novell Home

CVE-2012-3437

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3437 at MITRE

Description

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

SUSE information

SUSE Bugzilla entries: 773612, 785093, 905260

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • ImageMagick >= 6.7.8.8-4.5.1
  • ImageMagick-debuginfo >= 6.7.8.8-4.5.1
  • ImageMagick-debugsource >= 6.7.8.8-4.5.1
  • ImageMagick-devel >= 6.7.8.8-4.5.1
  • ImageMagick-devel-32bit >= 6.7.8.8-4.5.1
  • ImageMagick-doc >= 6.7.8.8-4.5.1
  • ImageMagick-extra >= 6.7.8.8-4.5.1
  • ImageMagick-extra-debuginfo >= 6.7.8.8-4.5.1
  • libMagick++-devel >= 6.7.8.8-4.5.1
  • libMagick++5 >= 6.7.8.8-4.5.1
  • libMagick++5-debuginfo >= 6.7.8.8-4.5.1
  • libMagickCore5 >= 6.7.8.8-4.5.1
  • libMagickCore5-32bit >= 6.7.8.8-4.5.1
  • libMagickCore5-debuginfo >= 6.7.8.8-4.5.1
  • libMagickCore5-debuginfo-32bit >= 6.7.8.8-4.5.1
  • libMagickWand5 >= 6.7.8.8-4.5.1
  • libMagickWand5-32bit >= 6.7.8.8-4.5.1
  • libMagickWand5-debuginfo >= 6.7.8.8-4.5.1
  • libMagickWand5-debuginfo-32bit >= 6.7.8.8-4.5.1
  • perl-PerlMagick >= 6.7.8.8-4.5.1
  • perl-PerlMagick-debuginfo >= 6.7.8.8-4.5.1
Patchnames:
openSUSE-2013-251

© 2015 Novell