CVE-2012-3437

Publication date 7 August 2012

Last updated 24 July 2024

Ubuntu priority

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
imagemagick	12.04 LTS precise	Fixed 8:6.6.9.7-5ubuntu3.2
	11.10 oneiric	Fixed 8:6.6.0.4-3ubuntu1.2
	11.04 natty	Fixed 7:6.6.2.6-1ubuntu4.2
	10.04 LTS lucid	Fixed 7:6.5.7.8-1ubuntu1.3
	8.04 LTS hardy	Ignored end of life

Notes

tyhicks

png_IM_malloc() in older releases

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
imagemagick	Upstream: http://trac.imagemagick.org/changeset/8733/ImageMagick/trunk/coders/png.c

References

Related Ubuntu Security Notices (USN)