Two input validation and denial of service flaws were reported [1],[2] in ImageMagick: [CVE-2012-0247] When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in EXIF IFD0, ImageMagick copies two bytes into an invalid address. [CVE-2012-0248] When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing a denial of service. The patch (noted in the upstream report) fixes the flaw in magick/property.c, which exists in Fedora's versions of ImageMagick (6.6.5 and 6.7.0) and Red Hat Enterprise Linux 6 (6.5.4), however it does not exist in Red Hat Enterprise Linux 5 and earlier versions of ImageMagick (6.2.8). [1] http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 [2] http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-021.html
Created attachment 560951 [details] upstream patch
Created ImageMagick tracking bugs for this issue Affects: fedora-all [bug 796843]
Created GraphicsMagick tracking bugs for this issue Affects: fedora-all [bug 797121]
Created attachment 566909 [details] Better patch from upstream The previous patch was not complete. This is a newer patch from upstream, which should fix the issues completely. Olivier: This will likely also obsolete your patch, but I didn't investigate that any further.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0545 https://rhn.redhat.com/errata/RHSA-2012-0545.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0544 https://rhn.redhat.com/errata/RHSA-2012-0544.html