CVE-2008-3134

NameCVE-2008-3134
DescriptionMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1903-1
Debian Bugs491439, 559775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
graphicsmagick (PTS)buster1.4+really1.3.35-1~deb10u2fixed
buster (security)1.4+really1.3.35-1~deb10u3fixed
bullseye (security), bullseye1.4+really1.3.36+hg16481-2+deb11u1fixed
bookworm1.4+really1.3.40-4fixed
trixie1.4+really1.3.42-1fixed
sid1.4+really1.3.43-1fixed
imagemagick (PTS)buster8:6.9.10.23+dfsg-2.1+deb10u1vulnerable
buster (security)8:6.9.10.23+dfsg-2.1+deb10u7vulnerable
bullseye8:6.9.11.60+dfsg-1.3+deb11u2vulnerable
bullseye (security)8:6.9.11.60+dfsg-1.3+deb11u3vulnerable
bookworm8:6.9.11.60+dfsg-1.6vulnerable
bookworm (security)8:6.9.11.60+dfsg-1.6+deb12u1vulnerable
trixie8:6.9.12.98+dfsg1-5vulnerable
sid8:6.9.12.98+dfsg1-5.2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphicsmagicksourceetch1.1.7-13+etch1DSA-1903-1
graphicsmagicksourcelenny1.1.11-3.2+lenny1DSA-1903-1
graphicsmagicksource(unstable)1.2.4-1491439
imagemagicksource(unstable)(unfixed)unimportant559775

Notes

several DoS fixed in 1.2.4 according to upstream
http://sourceforge.net/project/shownotes.php?release_id=610253

Search for package or bug name: Reporting problems