Upstream information

CVE-2012-3437 at MITRE

Description

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 773612 [RESOLVED / FIXED], 785093 [RESOLVED / DUPLICATE], 905260

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP3
  • libMagickCore1 >= 6.4.3.6-7.26.1
  • libMagickCore1-32bit >= 6.4.3.6-7.26.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libMagickCore1-32bit
SUSE Linux Enterprise Server 11 SP4
  • libMagickCore1 >= 6.4.3.6-7.30.1
  • libMagickCore1-32bit >= 6.4.3.6-7.30.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libMagickCore1-32bit
SUSE Linux Enterprise Software Development Kit 11 SP4
  • ImageMagick >= 6.4.3.6-7.30.1
  • ImageMagick-devel >= 6.4.3.6-7.30.1
  • libMagick++-devel >= 6.4.3.6-7.30.1
  • libMagick++1 >= 6.4.3.6-7.30.1
  • libMagickWand1 >= 6.4.3.6-7.30.1
  • libMagickWand1-32bit >= 6.4.3.6-7.30.1
  • perl-PerlMagick >= 6.4.3.6-7.30.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA ImageMagick