CVE-2008-3134

NameCVE-2008-3134
DescriptionMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1903-1
Debian Bugs491439, 559775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
graphicsmagick (PTS)buster1.4+really1.3.35-1~deb10u2fixed
buster (security)1.4+really1.3.35-1~deb10u3fixed
bullseye (security), bullseye1.4+really1.3.36+hg16481-2+deb11u1fixed
bookworm1.4+really1.3.40-4fixed
sid, trixie1.4+really1.3.42-1fixed
imagemagick (PTS)buster8:6.9.10.23+dfsg-2.1+deb10u1vulnerable
buster (security)8:6.9.10.23+dfsg-2.1+deb10u5vulnerable
bullseye (security), bullseye8:6.9.11.60+dfsg-1.3+deb11u1vulnerable
sid, trixie, bookworm8:6.9.11.60+dfsg-1.6vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphicsmagicksourceetch1.1.7-13+etch1DSA-1903-1
graphicsmagicksourcelenny1.1.11-3.2+lenny1DSA-1903-1
graphicsmagicksource(unstable)1.2.4-1491439
imagemagicksource(unstable)(unfixed)unimportant559775

Notes

several DoS fixed in 1.2.4 according to upstream
http://sourceforge.net/project/shownotes.php?release_id=610253

Search for package or bug name: Reporting problems