CVE-2012-0247

Published: 13 February 2012

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Priority

Low

CVSS 3 base score: 8.8

Notes

AuthorNote
mdeslaur
I can't seem to reproduce this...seems to me gcc is doing the
right thing when casting short to size_t
jdstrand
r6998 is the fix for CVE-2012-1185 which was assigned as an
incomplete fix for this issue (see oss-sec thread).

References

Bugs