Medium severity6.5NVD Advisory· Published Jun 5, 2012· Updated Apr 29, 2026

CVE-2012-0260

Description

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Affected products

ImageMagick/Imagemagick
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Range: <6.7.6-3
Red Hat/Storage
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Aus
cpe:2.3:o:redhat:enterprise_linux_aus:6.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Eus
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.imagemagick.org/discourse-server/viewtopic.phpnvdIssue TrackingPatchVendor Advisory
www.securityfocus.com/bid/52898nvdPatchThird Party AdvisoryVDB Entry
lists.opensuse.org/opensuse-updates/2012-06/msg00001.htmlnvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2012-0544.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2012-0545.htmlnvdThird Party Advisory
www.debian.org/security/2012/dsa-2462nvdThird Party Advisory
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2132-1nvdThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/74658nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/48974nvdBroken Link
secunia.com/advisories/49063nvdBroken Link
secunia.com/advisories/49068nvdBroken Link
secunia.com/advisories/49317nvdBroken Link
secunia.com/advisories/55035nvdBroken Link
secunia.com/advisories/57224nvdBroken Link
www.cert.fi/en/reports/2012/vulnerability635606.htmlnvdBroken Link
www.osvdb.org/81022nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000