CVE-2012-1185
Description
ImageMagick 6.7.5 and earlier have integer overflows in EXIF ResolutionUnit tag handling, enabling memory corruption and possible code execution via crafted images.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Multiple integer overflow vulnerabilities exist in ImageMagick versions 6.7.5 and earlier, specifically in magick/profile.c or magick/property.c. The flaw occurs when processing the ResolutionUnit tag in the EXIF IFD0 of an image. An attacker can supply a crafted offset value that causes an integer overflow when computing the sum of number_bytes and offset, leading to memory corruption. This vulnerability exists due to an incomplete fix for CVE-2012-0247 [1][3].
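The class of flaw described above, as an added example that is not ImageMagick source code: a bounds check that forms the sum of offset and number_bytes can wrap and accept an out-of-range entry, while a check that compares against the remaining space cannot. The 32-bit field widths, the function names and the sample values are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative only, not ImageMagick code. Models a directory entry whose
   value starts at `offset` and spans `number_bytes` inside a profile of
   `length` bytes. 32-bit fields are an assumption of this sketch. */

/* Flawed check: the sum is computed modulo 2^32, so a very large offset
   makes offset + number_bytes wrap to a small value that passes. */
static int entry_in_bounds_wrapping(uint32_t offset, uint32_t number_bytes,
                                    uint32_t length)
{
    return (uint32_t)(offset + number_bytes) <= length;
}

/* Hardened check: never forms the sum. It validates offset first, then
   compares number_bytes with the space left after offset. */
static int entry_in_bounds_checked(uint32_t offset, uint32_t number_bytes,
                                   uint32_t length)
{
    if (offset > length)
        return 0;
    return number_bytes <= length - offset;
}

int main(void)
{
    /* Constructed sample values, not taken from any real image. */
    const uint32_t length = 64;
    const struct { uint32_t offset, number_bytes; } cases[] = {
        { 8u, 2u },            /* well-formed entry */
        { 60u, 8u },           /* runs past the end, no wrap involved */
        { 0xFFFFFFF0u, 0x20u } /* sum wraps to 0x10 */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("offset=0x%08x number_bytes=0x%08x wrapping=%d checked=%d\n",
               (unsigned)cases[i].offset, (unsigned)cases[i].number_bytes,
               entry_in_bounds_wrapping(cases[i].offset,
                                        cases[i].number_bytes, length),
               entry_in_bounds_checked(cases[i].offset,
                                       cases[i].number_bytes, length));
    return 0;
}
```

Only the third case separates the two checks: the wrapping form accepts it and the subtraction form rejects it.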
Exploitation
To exploit this vulnerability, an attacker must craft a malicious image file containing a specially crafted ResolutionUnit tag with an offset value that triggers the integer overflow. The attacker then needs to deliver this file to a user or automated system that processes it using ImageMagick. User interaction is required (e.g., opening the file or automated processing). No special network position is needed; the attack vector is local via file handling [1][2].
Impact
Successful exploitation can result in a denial of service (application crash) due to memory corruption. In some cases, arbitrary code execution may be possible with the privileges of the user invoking the program, leading to full compromise of the affected system [1][4].
Mitigation
Ubuntu released updated packages in USN-1435-1 on 1 May 2012 [1]. The fix was also committed to the ImageMagick subversion repository prior to the CVE disclosure [3][4]. Users should upgrade to ImageMagick version 6.7.5-7 or later. No workaround besides applying the patch is available. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
- [1] USN-1435-1: ImageMagick vulnerabilities | Ubuntu security notices | Ubuntu
- [2] About Secunia Research | Flexera
- [3] oss-security - CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247
- [4] 804588 – (CVE-2012-1185) CVE-2012-1185: ImageMagick: Incorrect fix for CVE-2012-0247
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (10)
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:* (range: <=6.7.5)
- (no CPE) (range: <=6.7.5)
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
References (14)
- www.openwall.com/lists/oss-security/2012/03/19/5 (nvd: Mailing List, Patch, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory)
- lists.opensuse.org/opensuse-updates/2012-06/msg00001.html (nvd: Mailing List, Third Party Advisory)
- ubuntu.com/usn/usn-1435-1 (nvd: Third Party Advisory)
- www.debian.org/security/2012/dsa-2462 (nvd: Third Party Advisory)
- www.securityfocus.com/bid/51957 (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/76140 (nvd: Third Party Advisory, VDB Entry)
- secunia.com/advisories/47926 (nvd: Broken Link)
- secunia.com/advisories/48974 (nvd: Broken Link)
- secunia.com/advisories/49043 (nvd: Broken Link)
- secunia.com/advisories/49317 (nvd: Broken Link)
- trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c (nvd: Broken Link)
- trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c (nvd: Broken Link)
- www.osvdb.org/80556 (nvd: Broken Link)