Weekly Vulnerabilities Reports > June 4 to 10, 2012
Overview
9 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 15 products from 7 vendors, including Debian, Imagemagick, Opensuse, Canonical, and Redhat. Vulnerabilities are notably categorized as "Out-of-bounds Read", "Infinite Loop", "Integer Overflow or Wraparound", "Resource Exhaustion", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 6 reported vulnerabilities are remotely exploitable.
- 9 reported vulnerabilities are exploitable by an anonymous user.
- Debian has the most reported vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
4 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-05 | CVE-2012-0247 | Imagemagick Debian Canonical Redhat | Improper Input Validation vulnerability in multiple products ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | 8.8 |
2012-06-05 | CVE-2012-1185 | Imagemagick Debian Canonical Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. | 7.8 |
2012-06-09 | CVE-2012-2034 | Adobe Suse Opensuse Redhat | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037. | 7.5 |
2012-06-05 | CVE-2012-1610 | Imagemagick Debian Canonical Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. | 7.5 |
5 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-06-05 | CVE-2012-1798 | Imagemagick Debian Redhat Opensuse | Out-of-bounds Read vulnerability in multiple products The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | 6.5 |
2012-06-05 | CVE-2012-0260 | Imagemagick Canonical Debian Redhat Opensuse | Resource Exhaustion vulnerability in multiple products The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. | 6.5 |
2012-06-05 | CVE-2012-0259 | Imagemagick Debian Canonical Opensuse | Out-of-bounds Read vulnerability in multiple products The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. | 6.5 |
2012-06-05 | CVE-2012-1186 | Imagemagick Debian Canonical Opensuse | Infinite Loop vulnerability in multiple products Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. | 5.5 |
2012-06-05 | CVE-2012-0248 | Imagemagick Debian Canonical Redhat | Infinite Loop vulnerability in multiple products ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | 5.5 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|