CVE-2012-3438

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3438 at MITRE

Description

The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 4.30
  Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: None
  Availability Impact: Partial
SUSE Bugzilla entries: 773612 [RESOLVED / FIXED], 785093 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • ImageMagick >= 6.2.5-16.36.2
  • ImageMagick-Magick++ >= 6.2.5-16.36.2
  • ImageMagick-devel >= 6.2.5-16.36.2
  • perl-PerlMagick >= 6.2.5-16.36.2
Builds
ZYPP Patch Nr: 8512
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
  • ImageMagick >= 6.2.5-16.36.2
  • ImageMagick-Magick++ >= 6.2.5-16.36.2
  • ImageMagick-Magick++-devel >= 6.2.5-16.36.2
  • ImageMagick-devel >= 6.2.5-16.36.2
  • perl-PerlMagick >= 6.2.5-16.36.2
Builds
ZYPP Patch Nr: 8512
SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
  • GraphicsMagick >= 1.2.5-4.33.3
  • libGraphicsMagick2 >= 1.2.5-4.33.3
Builds
SAT Patch Nr: 7722
SUSE Linux Enterprise Software Development Kit 11 SP2
  • GraphicsMagick >= 1.2.5-4.33.1
  • libGraphicsMagick2 >= 1.2.5-4.33.1
  • perl-GraphicsMagick >= 1.2.5-4.33.1
Builds
SAT Patch Nr: 7528
SUSE Studio Onsite 1.3
  • GraphicsMagick >= 1.2.5-4.33.1
  • libGraphicsMagick2 >= 1.2.5-4.33.1
Builds
SAT Patch Nr: 7528
SUSE Linux Enterprise Software Development Kit 11 SP2
  • ImageMagick >= 6.4.3.6-7.26.1
  • ImageMagick-devel >= 6.4.3.6-7.26.1
  • libMagick++-devel >= 6.4.3.6-7.26.1
  • libMagick++1 >= 6.4.3.6-7.26.1
  • libMagickWand1 >= 6.4.3.6-7.26.1
  • perl-PerlMagick >= 6.4.3.6-7.26.1
Builds
SAT Patch Nr: 7520
SUSE Linux Enterprise Software Development Kit 11 SP2
  • ImageMagick >= 6.4.3.6-7.26.1
  • ImageMagick-devel >= 6.4.3.6-7.26.1
  • libMagick++-devel >= 6.4.3.6-7.26.1
  • libMagick++1 >= 6.4.3.6-7.26.1
  • libMagickWand1 >= 6.4.3.6-7.26.1
  • libMagickWand1-32bit >= 6.4.3.6-7.26.1
  • perl-PerlMagick >= 6.4.3.6-7.26.1
Builds
SAT Patch Nr: 7520
SUSE Linux Enterprise Desktop 11 SP2
  • ImageMagick >= 6.4.3.6-7.26.1
  • libMagick++1 >= 6.4.3.6-7.26.1
  • libMagickCore1 >= 6.4.3.6-7.26.1
  • libMagickWand1 >= 6.4.3.6-7.26.1
Builds
SAT Patch Nr: 7520
SUSE Linux Enterprise Desktop 11 SP2
  • ImageMagick >= 6.4.3.6-7.26.1
  • libMagick++1 >= 6.4.3.6-7.26.1
  • libMagickCore1 >= 6.4.3.6-7.26.1
  • libMagickCore1-32bit >= 6.4.3.6-7.26.1
  • libMagickWand1 >= 6.4.3.6-7.26.1
Builds
SAT Patch Nr: 7520
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • libMagickCore1 >= 6.4.3.6-7.26.1
Builds
SAT Patch Nr: 7520
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • libMagickCore1 >= 6.4.3.6-7.26.1
  • libMagickCore1-32bit >= 6.4.3.6-7.26.1
Builds
SAT Patch Nr: 7520
openSUSE 12.3
  • GraphicsMagick >= 1.3.17-2.4.1
  • GraphicsMagick-debuginfo >= 1.3.17-2.4.1
  • GraphicsMagick-debugsource >= 1.3.17-2.4.1
  • GraphicsMagick-devel >= 1.3.17-2.4.1
  • libGraphicsMagick++-devel >= 1.3.17-2.4.1
  • libGraphicsMagick++3 >= 1.3.17-2.4.1
  • libGraphicsMagick++3-debuginfo >= 1.3.17-2.4.1
  • libGraphicsMagick3 >= 1.3.17-2.4.1
  • libGraphicsMagick3-debuginfo >= 1.3.17-2.4.1
  • libGraphicsMagickWand2 >= 1.3.17-2.4.1
  • libGraphicsMagickWand2-debuginfo >= 1.3.17-2.4.1
  • perl-GraphicsMagick >= 1.3.17-2.4.1
  • perl-GraphicsMagick-debuginfo >= 1.3.17-2.4.1
Patchnames:
openSUSE-2013-252


The following information is the current evaluation information for this security issue. It might be neither accurate nor complete. Use at your own risk.
Package/Codestreams planned to be updated:
GraphicsMagick: sle-studioonsite-1.3,sle-sdk-11-SP1
ImageMagick: sap-aio-11-SP1,SLES_LTSS-11-SP1,SLES-11-SP1,sle-sdk-11-SP1,SLED-11-SP1