Upstream information

CVE-2012-3437 at MITRE

Description

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 4.30
  Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial

SUSE Bugzilla entries: 773612 [RESOLVED / FIXED], 785093 [RESOLVED / DUPLICATE], 905260

SUSE Security Advisories:

List of released packages

Product: openSUSE 12.3
Fixed package version(s):
  • ImageMagick >= 6.7.8.8-4.5.1
  • ImageMagick-debuginfo >= 6.7.8.8-4.5.1
  • ImageMagick-debugsource >= 6.7.8.8-4.5.1
  • ImageMagick-devel >= 6.7.8.8-4.5.1
  • ImageMagick-devel-32bit >= 6.7.8.8-4.5.1
  • ImageMagick-doc >= 6.7.8.8-4.5.1
  • ImageMagick-extra >= 6.7.8.8-4.5.1
  • ImageMagick-extra-debuginfo >= 6.7.8.8-4.5.1
  • libMagick++-devel >= 6.7.8.8-4.5.1
  • libMagick++5 >= 6.7.8.8-4.5.1
  • libMagick++5-debuginfo >= 6.7.8.8-4.5.1
  • libMagickCore5 >= 6.7.8.8-4.5.1
  • libMagickCore5-32bit >= 6.7.8.8-4.5.1
  • libMagickCore5-debuginfo >= 6.7.8.8-4.5.1
  • libMagickCore5-debuginfo-32bit >= 6.7.8.8-4.5.1
  • libMagickWand5 >= 6.7.8.8-4.5.1
  • libMagickWand5-32bit >= 6.7.8.8-4.5.1
  • libMagickWand5-debuginfo >= 6.7.8.8-4.5.1
  • libMagickWand5-debuginfo-32bit >= 6.7.8.8-4.5.1
  • perl-PerlMagick >= 6.7.8.8-4.5.1
  • perl-PerlMagick-debuginfo >= 6.7.8.8-4.5.1
References:
  Patchnames: openSUSE-2013-251