CVE-2012-0259

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 6.7.6-3

Description The issue allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. This occurs due to a problem in the GetEXIFProperty function in magick/property.c.

Recommendations For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG files with potentially malformed EXIF tags until a patch is applied.