Weekly Vulnerabilities Reports > June 4 to 10, 2012
Overview
8 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 12 products from 5 vendors including Debian, Imagemagick, Canonical, Opensuse, and Redhat. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Infinite Loop", "Integer Overflow or Wraparound", "Resource Exhaustion", and "Improper Input Validation".
- 5 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 8 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
3 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-05 | CVE-2012-0247 | Imagemagick Debian Canonical Redhat | Improper Input Validation vulnerability in multiple products ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | 8.8 |
2012-06-05 | CVE-2012-1185 | Imagemagick Debian Canonical Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. | 7.8 |
2012-06-05 | CVE-2012-1610 | Imagemagick Debian Canonical Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. | 7.5 |
5 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-05 | CVE-2012-1798 | Imagemagick Debian Redhat Opensuse | Out-of-bounds Read vulnerability in multiple products The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | 6.5 |
2012-06-05 | CVE-2012-0260 | Imagemagick Canonical Debian Redhat Opensuse | Resource Exhaustion vulnerability in multiple products The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. | 6.5 |
2012-06-05 | CVE-2012-0259 | Imagemagick Debian Canonical Opensuse | Out-of-bounds Read vulnerability in multiple products The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. | 6.5 |
2012-06-05 | CVE-2012-1186 | Imagemagick Debian Canonical Opensuse | Infinite Loop vulnerability in multiple products Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. | 5.5 |
2012-06-05 | CVE-2012-0248 | Imagemagick Debian Canonical Redhat | Infinite Loop vulnerability in multiple products ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|