CVE-2012-0248

Publication date 13 February 2012

Last updated 25 August 2025


Ubuntu priority

CVSS 3 Severity Score

5.5 · Medium


Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD.


Status

| Package | Ubuntu Release | Status |
| --- | --- | --- |
| imagemagick | 12.04 LTS precise | Fixed 8:6.6.9.7-5ubuntu3.1 |
| | 11.10 oneiric | Fixed 8:6.6.0.4-3ubuntu1.1 |
| | 11.04 natty | Fixed 7:6.6.2.6-1ubuntu4.1 |
| | 10.10 maverick | Ignored end of life |
| | 10.04 LTS lucid | Fixed 7:6.5.7.8-1ubuntu1.2 |
| | 8.04 LTS hardy | Ignored end of life |

Notes


jdstrand

r6998 is the fix for CVE-2012-1186 which was assigned as an incomplete fix for this issue (see oss-sec for more information).


mdeslaur

see fixes in CVE-2012-0247

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.5 · Medium

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

