Medium severity5.5NVD Advisory· Published Jun 5, 2012· Updated Apr 29, 2026
CVE-2012-1186
CVE-2012-1186
Description
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
Affected products
8- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- www.openwall.com/lists/oss-security/2012/03/19/5nvdMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/51957nvdPatchThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-updates/2012-06/msg00001.htmlnvdMailing ListThird Party Advisory
- ubuntu.com/usn/usn-1435-1nvdThird Party Advisory
- www.debian.org/security/2012/dsa-2462nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/76139nvdThird Party AdvisoryVDB Entry
- secunia.com/advisories/47926nvdBroken Link
- secunia.com/advisories/48974nvdBroken Link
- secunia.com/advisories/49043nvdBroken Link
- secunia.com/advisories/49317nvdBroken Link
- trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.cnvdBroken Link
- www.osvdb.org/80555nvdBroken Link
News mentions
0No linked articles in our index yet.