Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3134

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3134
Last Modified 07 Mar 2011 10:10:15
Published 10 Jul 2008 07:41:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3134

Summary

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

Vulnerable Systems

Application

  • Graphicsmagick 1.0

  • Graphicsmagick 1.0.4

  • Graphicsmagick 1.0.6

  • Graphicsmagick 1.1

  • Graphicsmagick 1.1.10

  • Graphicsmagick 1.1.11

  • Graphicsmagick 1.1.12

  • Graphicsmagick 1.1.3

  • Graphicsmagick 1.1.4

  • Graphicsmagick 1.1.5

  • Graphicsmagick 1.1.6

  • Graphicsmagick 1.1.8

  • Graphicsmagick 1.1.9

  • Graphicsmagick 1.2

  • Graphicsmagick 1.2.18


References

XF - graphicsmagick-getimagecharacteristics-dos(43513)

XF - graphicsmagick-multiple-dos(43511)

VUPEN - ADV-2008-1984

SECTRACK - 1020413

BID - 30055

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=610253

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=841176

SECUNIA - 32151

SECUNIA - 30879

SUSE - SUSE-SR:2008:020


Last Updated: 27 May 2016 10:48:05