CVE-2012-3437

EPSS 3.3%

imagemagick - security update

Published: 8/7/2012Modified: 4/28/2026

Description

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Affected packages (2)

Debian/imagemagickfrom 0, < 8:6.7.7.10-3
Debian/imagemagickfrom 0, < 8:6.6.0.4-3+squeeze6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3437