CVE-2008-3134

NameCVE-2008-3134
DescriptionMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1903-1
NVD severitymedium (attack range: remote)
Debian Bugs491439, 559775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
graphicsmagick (PTS)wheezy1.3.16-1.1fixed
wheezy (security)1.3.16-1.1+deb7u10fixed
jessie1.3.20-3+deb8u1fixed
jessie (security)1.3.20-3+deb8u2fixed
stretch1.3.25-8fixed
buster1.3.26-14fixed
sid1.3.26-15fixed
imagemagick (PTS)wheezy8:6.7.7.10-5+deb7u4vulnerable
wheezy (security)8:6.7.7.10-5+deb7u17vulnerable
jessie8:6.8.9.9-5+deb8u9vulnerable
jessie (security)8:6.8.9.9-5+deb8u10vulnerable
stretch (security), stretch8:6.9.7.4+dfsg-11+deb9u1vulnerable
buster, sid8:6.9.7.4+dfsg-16vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphicsmagicksource(unstable)1.2.4-1medium491439
graphicsmagicksourceetch1.1.7-13+etch1mediumDSA-1903-1
graphicsmagicksourcelenny1.1.11-3.2+lenny1mediumDSA-1903-1
imagemagicksource(unstable)(unfixed)unimportant559775

Notes

several DoS fixed in 1.2.4 according to upstream
http://sourceforge.net/project/shownotes.php?release_id=610253

Search for package or bug name: Reporting problems