CVE-2008-3134 — Infinite Loop in Graphicsmagick

CWE-3996 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.7%

top 17.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Debian Graphicsmagick Debian Imagemagick

Timeline

PublishedJul 10

Latest updateMay 1

Description

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/imagemagick< graphicsmagick 1.2.4-1 (bookworm)

▶debiandebian/graphicsmagick< graphicsmagick 1.2.4-1 (bookworm)

▶Debiangraphicsmagick/graphicsmagick< 1.2.4-1+3

▶NVDgraphicsmagick/graphicsmagick15 versions+14

🔴Vulnerability Details

GHSA

GHSA-h39h-mv79-2m42: Multiple unspecified vulnerabilities in GraphicsMagick before 1↗2022-05-01

▶

OSV

CVE-2008-3134: Multiple unspecified vulnerabilities in GraphicsMagick before 1↗2008-07-10

▶

📋Vendor Advisories

Red Hat

GraphicsMagick/ImageMagick: multiple crash or DoS issues↗2008-06-11

▶

Debian

CVE-2008-3134: graphicsmagick - Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote...↗2008

▶

💬Community

Bugzilla

CVE-2008-3134 GraphicsMagick/ImageMagick: multiple crash or DoS issues↗2008-07-11

▶