CVE-2012-1186
PUBLISHED
CVSS 5.5 MEDIUM
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
EPSS 0.27% · 50.7th percentile
Risk Scores
- CVSS 3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
- EPSS Score: 0.27% (50.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| canonical | ubuntu_linux | 10.04, 11.04, 12.04 |
| debian | debian_linux | 6.0 |
| imagemagick | imagemagick | 0 |
| n/a | n/a | n/a |
| opensuse | opensuse | 12.1, 11.4 |
Exploit Intelligence
- openSUSE-SU-2012:0692 (circl)
- 49043 (circl)
- DSA-2462 (circl)
- 51957 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 (circl)
- imagemagick-syncimageprofiles-dos(76139) (circl)
- [oss-security] 20120319 Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 (circl)
- http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c (circl)
- 47926 (circl)
- USN-1435-1 (circl)
Timeline
- Jun 5, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 13, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- openSUSE-SU-2012:0692 vendor-advisory
- 49043 third-party-advisory
- DSA-2462 vendor-advisory
- 51957 vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 url
- imagemagick-syncimageprofiles-dos(76139) vdb
- [oss-security] 20120319 Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 mailing-list
- http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c url
- 47926 third-party-advisory
- USN-1435-1 vendor-advisory
- 48974 third-party-advisory
- 49317 third-party-advisory
- 80555 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-1186 advisory