DSA-2427-1 imagemagick -- several
ID: oval:org.secpod.oval:def:600750 | Date: (C)2012-03-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Two security vulnerabilities related to EXIF processing were discovered in ImageMagick, a suite of programs to manipulate images:

CVE-2012-0247: When parsing a maliciously crafted image with an incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick writes two bytes to an invalid address.

CVE-2012-0248: Parsing a maliciously crafted image containing an IFD in which the value offsets of all IOP tags point to the beginning of the IFD itself results in an endless loop and a denial of service.
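
The two defect classes above can both be caught by validating the IFD structure before any tag value is read or written. The following is an added example, not ImageMagick's code or its fix: a generic TIFF/EXIF directory walker that range-checks every count and offset and refuses to visit a directory twice. The names `exif_validate`, `MAX_IFDS` and the `sample_*` byte arrays are assumptions made for illustration; the samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_IFDS 16 /* assumed cap on directories per file */
enum { EXIF_OK = 0, EXIF_BAD_RANGE = -1, EXIF_LOOP = -2 };
/* Constructed samples: "II" header, then a one-entry IFD0 at offset 8. */
static const uint8_t sample_ok[26]   = {'I','I',42,0, 8,0,0,0, 1,0,
    0x28,0x01, 3,0, 1,0,0,0, 2,0,0,0,             0,0,0,0}; /* ResolutionUnit = 2 */
static const uint8_t sample_oob[26]  = {'I','I',42,0, 8,0,0,0, 1,0,
    0x28,0x01, 3,0, 0,0,1,0, 0xF0,0xFF,0xFF,0xFF, 0,0,0,0}; /* bad offset and count */
static const uint8_t sample_loop[26] = {'I','I',42,0, 8,0,0,0, 1,0,
    0x05,0xA0, 4,0, 1,0,0,0, 8,0,0,0,             0,0,0,0}; /* points at itself */
/* Bytes per component for TIFF types 1..12; unknown types count as 0 bytes. */
static const uint8_t tsize[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
static uint32_t rd(const uint8_t *p, int n, int le) { /* read an n-byte integer */
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v |= (uint32_t)p[i] << (8 * (le ? i : n - 1 - i));
    return v;
}

/* Walk every IFD reachable from IFD0; buf starts at the TIFF header. */
int exif_validate(const uint8_t *buf, size_t len) {
    uint32_t todo[MAX_IFDS + 1], seen[MAX_IFDS];
    int ntodo = 0, nseen = 0, le = len > 0 && buf[0] == 'I';
    if (len < 8 || (memcmp(buf, "II", 2) && memcmp(buf, "MM", 2))) return EXIF_BAD_RANGE;
    todo[ntodo++] = rd(buf + 4, 4, le);               /* offset of IFD0 */
    while (ntodo > 0) {
        uint32_t ifd = todo[--ntodo];
        if (ifd == 0) continue;                       /* 0 ends an IFD chain */
        for (int i = 0; i < nseen; i++)
            if (seen[i] == ifd) return EXIF_LOOP;     /* directory revisited */
        if (nseen == MAX_IFDS) return EXIF_LOOP;      /* too many directories */
        seen[nseen++] = ifd;
        if (ifd > len || len - ifd < 6) return EXIF_BAD_RANGE;
        size_t n = rd(buf + ifd, 2, le);              /* entry count */
        if ((len - ifd - 6) / 12 < n) return EXIF_BAD_RANGE;
        for (size_t e = 0; e < n; e++) {
            const uint8_t *ent = buf + ifd + 2 + 12 * e;
            uint32_t tag = rd(ent, 2, le), type = rd(ent + 2, 2, le);
            uint64_t bytes = (uint64_t)rd(ent + 4, 4, le) * (type < 13 ? tsize[type] : 0);
            uint32_t val = rd(ent + 8, 4, le);        /* inline value or offset */
            if (bytes > 4 && (val > len || bytes > len - val)) return EXIF_BAD_RANGE;
            if (tag == 0x8769 || tag == 0xA005) {     /* Exif / Interop sub-IFD */
                if (ntodo >= MAX_IFDS) return EXIF_LOOP;
                todo[ntodo++] = val;
            }
        }
        todo[ntodo++] = rd(buf + ifd + 2 + 12 * n, 4, le); /* next IFD */
    }
    return EXIF_OK;
}
```

`sample_oob` mirrors the CVE-2012-0247 pattern (count and offset that cannot fit in the file) and `sample_loop` mirrors the CVE-2012-0248 pattern (a sub-IFD pointer that leads back to its own directory).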