VIR Vulnerability Intelligence Relay

CVE-2012-0247

high
Published 2012-06-05 · Modified 2026-04-29
CVSS v3
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2
6.8
VIR risk
8.8

Description

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-0247

vendor Authored 2026-05-27

Vendor advisory: cret@cert.org — http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed8:6.6.9.7-6
debian debianbullseyefixed8:6.6.9.7-6
debian debianforkyfixed8:6.6.9.7-6
debian debiansidfixed8:6.6.9.7-6
debian debiantrixiefixed8:6.6.9.7-6
redhat rhel5.0affected
redhat rhel6.0affected
redhat rhel6.2affected
ubuntu ubuntu10.04affected
ubuntu ubuntu11.04affected
ubuntu ubuntu11.10affected
ubuntu ubuntu12.04affected
debian debian6.0affected
debian debian7.0affected

Application impact
VendorProductVersionsFixed
imagemagickimagemagick{"endIncluding":"6.7.5-7"}
redhatstorage2.0

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.