ID CVE-2008-3134
Summary Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
References
Vulnerable Configurations
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:graphicsmagick:graphicsmagick:1.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:graphicsmagick:graphicsmagick:1.2.18:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 30055
confirm
sectrack 1020413
secunia
  • 30879
  • 32151
suse SUSE-SR:2008:020
vupen ADV-2008-1984
xf
  • graphicsmagick-getimagecharacteristics-dos(43513)
  • graphicsmagick-multiple-dos(43511)
statements via4
contributor Mark J Cox
lastmodified 2010-05-14
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3134
Last major update 08-08-2017 - 01:31
Published 10-07-2008 - 23:41
Last modified 08-08-2017 - 01:31
Back to Top