Medium severity5.5NVD Advisory· Published Jun 5, 2012· Updated Jun 16, 2026
CVE-2012-1186
CVE-2012-1186
Description
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*range: <=6.7.5-8
- (no CPE)range: <=6.7.5-8
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Patches
Vulnerability mechanics
References
13- www.openwall.com/lists/oss-security/2012/03/19/5nvdMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/51957nvdPatchThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-updates/2012-06/msg00001.htmlnvdMailing ListThird Party Advisory
- ubuntu.com/usn/usn-1435-1nvdThird Party Advisory
- www.debian.org/security/2012/dsa-2462nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/76139nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/47926nvdBroken Link
- secunia.com/advisories/48974nvdBroken Link
- secunia.com/advisories/49043nvdBroken Link
- secunia.com/advisories/49317nvdBroken Link
- trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.cnvdBroken Link
- www.osvdb.org/80555nvdBroken Link
News mentions
0No linked articles in our index yet.