Weekly Vulnerabilities Reports > June 4 to 10, 2012

Overview

8 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 12 products from 5 vendors including Debian, Imagemagick, Canonical, Opensuse, and Redhat. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Infinite Loop", "Integer Overflow or Wraparound", "Resource Exhaustion", and "Improper Input Validation".

  • 5 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 8 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-05 CVE-2012-0247 Imagemagick
Debian
Canonical
Redhat
Improper Input Validation vulnerability in multiple products

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

8.8
2012-06-05 CVE-2012-1185 Imagemagick
Debian
Canonical
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image.

7.8
2012-06-05 CVE-2012-1610 Imagemagick
Debian
Canonical
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image.

7.5

5 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-06-05 CVE-2012-1798 Imagemagick
Debian
Redhat
Opensuse
Out-of-bounds Read vulnerability in multiple products

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

6.5
2012-06-05 CVE-2012-0260 Imagemagick
Canonical
Debian
Redhat
Opensuse
Resource Exhaustion vulnerability in multiple products

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

6.5
2012-06-05 CVE-2012-0259 Imagemagick
Debian
Canonical
Opensuse
Out-of-bounds Read vulnerability in multiple products

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

6.5
2012-06-05 CVE-2012-1186 Imagemagick
Debian
Canonical
Opensuse
Infinite Loop vulnerability in multiple products

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image.

5.5
2012-06-05 CVE-2012-0248 Imagemagick
Debian
Canonical
Redhat
Infinite Loop vulnerability in multiple products

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

5.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS