CVE-2008-3134

NameCVE-2008-3134
DescriptionMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1903-1
Debian Bugs491439, 559775

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
graphicsmagick (PTS)jessie, jessie (lts)1.3.20-3+deb8u14fixed
stretch (security)1.3.30+hg15796-1~deb9u5fixed
stretch (lts), stretch1.3.30+hg15796-1~deb9u7fixed
buster (security), buster, buster (lts)1.4+really1.3.35-1~deb10u3fixed
bullseye (security), bullseye1.4+really1.3.36+hg16481-2+deb11u1fixed
bookworm1.4+really1.3.40-4fixed
sid, trixie1.4+really1.3.45-1fixed
imagemagick (PTS)jessie, jessie (lts)8:6.8.9.9-5+deb8u27vulnerable
stretch (security)8:6.9.7.4+dfsg-11+deb9u14vulnerable
stretch (lts), stretch8:6.9.7.4+dfsg-11+deb9u20vulnerable
buster, buster (lts)8:6.9.10.23+dfsg-2.1+deb10u9vulnerable
buster (security)8:6.9.10.23+dfsg-2.1+deb10u7vulnerable
bullseye8:6.9.11.60+dfsg-1.3+deb11u4vulnerable
bullseye (security)8:6.9.11.60+dfsg-1.3+deb11u3vulnerable
bookworm8:6.9.11.60+dfsg-1.6+deb12u2vulnerable
bookworm (security)8:6.9.11.60+dfsg-1.6+deb12u1vulnerable
sid, trixie8:7.1.1.39+dfsg1-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
graphicsmagicksourceetch1.1.7-13+etch1DSA-1903-1
graphicsmagicksourcelenny1.1.11-3.2+lenny1DSA-1903-1
graphicsmagicksource(unstable)1.2.4-1491439
imagemagicksource(unstable)(unfixed)unimportant559775

Notes

several DoS fixed in 1.2.4 according to upstream
http://sourceforge.net/project/shownotes.php?release_id=610253

Search for package or bug name: Reporting problems