CVE-2012-3437
imagemagick - security update
EPSS 3.3%
Description
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
How to fix CVE-2012-3437
To remediate CVE-2012-3437, upgrade the affected package to a fixed version below.
- Debian/imagemagick—upgrade to 8:6.7.7.10-3 or later
- Debian/imagemagick—upgrade to 8:6.6.0.4-3+squeeze6 or later
Is CVE-2012-3437 being exploited?
Low. EPSS is 3.3%, a low predicted probability of exploitation, and exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/imagemagick: from 0, < 8:6.7.7.10-3
- Debian/imagemagick: from 0, < 8:6.6.0.4-3+squeeze6