CVE-2008-3134

NameCVE-2008-3134
DescriptionMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1903-1
Debian Bugs491439, 559775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
graphicsmagick (PTS)buster1.4+really1.3.35-1~deb10u2fixed
buster (security)1.4+really1.3.35-1~deb10u3fixed
bullseye (security), bullseye1.4+really1.3.36+hg16481-2+deb11u1fixed
bookworm1.4+really1.3.40-4fixed
trixie1.4+really1.3.42-1fixed
sid1.4+really1.3.43-1fixed
imagemagick (PTS)buster8:6.9.10.23+dfsg-2.1+deb10u1vulnerable (unimportant)
buster (security)8:6.9.10.23+dfsg-2.1+deb10u7vulnerable (unimportant)
bullseye8:6.9.11.60+dfsg-1.3+deb11u2vulnerable (unimportant)
bullseye (security)8:6.9.11.60+dfsg-1.3+deb11u3vulnerable (unimportant)
bookworm8:6.9.11.60+dfsg-1.6vulnerable (unimportant)
bookworm (security)8:6.9.11.60+dfsg-1.6+deb12u1vulnerable (unimportant)
trixie8:6.9.12.98+dfsg1-5vulnerable (unimportant)
sid8:6.9.12.98+dfsg1-5.2vulnerable (unimportant)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphicsmagicksourceetch1.1.7-13+etch1DSA-1903-1
graphicsmagicksourcelenny1.1.11-3.2+lenny1DSA-1903-1
graphicsmagicksource(unstable)1.2.4-1491439
imagemagicksource(unstable)(unfixed)unimportant559775

Notes

several DoS fixed in 1.2.4 according to upstream
http://sourceforge.net/project/shownotes.php?release_id=610253

Search for package or bug name: Reporting problems