VDB
CVE-2012-1185
CVE-2012-1185
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
EPSS 1.29% · 80.0th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
1.29%
80.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| opensuse | opensuse | 11.4, 12.1 |
| imagemagick | imagemagick | 0 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 12.04, 10.04, 11.04 |
| n/a | n/a | n/a |
Exploit Intelligence
- 80556 (circl)
- openSUSE-SU-2012:0692 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 (circl)
- 49043 (circl)
- DSA-2462 (circl)
- 51957 (circl)
- [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 (circl)
- http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c (circl)
- http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c (circl)
- 47926 (circl)
…and 4 more exploits
Timeline
- Jun 5, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- 80556 vdb
- openSUSE-SU-2012:0692 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 url
- 49043 third-party-advisory
- DSA-2462 vendor-advisory
- 51957 vdb
- [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 mailing-list
- http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c url
- http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c url
- 47926 third-party-advisory
- USN-1435-1 vendor-advisory
- imagemagick-profile-code-execution(76140) vdb
- 48974 third-party-advisory
- 49317 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2012-1185 advisory