{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "54714", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/54714"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243"}, {"name": "imagemagick-png-dos(77260)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77260"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844101"}, {"name": "MDVSA-2013:092", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:092"}, {"name": "1027321", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027321"}, {"name": "MDVSA-2012:160", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:160"}, {"name": "openSUSE-SU-2013:0535", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00101.html"}, {"name": "50398", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50398"}, {"name": "50091", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50091"}, {"name": "USN-1544-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1544-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.550Z"}, "title": "CVE Program Container", "references": [{"name": "54714", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/54714"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243"}, {"name": "imagemagick-png-dos(77260)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77260"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844101"}, {"name": "MDVSA-2013:092", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:092"}, {"name": "1027321", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1027321"}, {"name": "MDVSA-2012:160", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:160"}, {"name": "openSUSE-SU-2013:0535", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00101.html"}, {"name": "50398", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50398"}, {"name": "50091", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50091"}, {"name": "USN-1544-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1544-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3437", "datePublished": "2012-08-07T21:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.550Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:imagemagick:imagemagick:6.7.8-6:*:*:*:*:*:*:*", "matchCriteriaId": "B943647A-4B39-41A7-B692-57E592ABEE69", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation."}, {"lang": "es", "value": "La funci\u00f3n Magick_png_malloc en coders/png.c en ImageMagick v6.7.8-6 no utiliza el tipo de variable adecuado para el tama\u00f1o de asignaci\u00f3n, lo que podr\u00eda permitir a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un archivo PNG dise\u00f1ado que desencadena incorrecta de asignaci\u00f3n de memoria."}], "id": "CVE-2012-3437", "lastModified": "2017-08-29T01:31:55.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-07T21:55:02.063", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00101.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50091"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50398"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:160"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:092"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/54714"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027321"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1544-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844101"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77260"}, {"source": "secalert@redhat.com", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0243"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ImageMagick: Magick_png_malloc() size argument", "id": "844101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844101"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation."], "name": "CVE-2012-3437", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ImageMagick", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-07-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-3437\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3437"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}