CVE-2013-4298 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Imagemagick

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.9%

top 23.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagemagick Debian Imagemagick

Timeline

PublishedSep 10

Latest updateMay 17

Description

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/imagemagick< imagemagick 8:6.7.7.10-6 (bookworm)

▶Debianimagemagick/imagemagick< 8:6.7.7.10-6+3

▶NVDimagemagick/imagemagick6.7.8-7+7

🔴Vulnerability Details

GHSA

GHSA-m2r5-w7hg-5233: The ReadGIFImage function in coders/gif↗2022-05-17

▶

OSV

CVE-2013-4298: The ReadGIFImage function in coders/gif↗2013-09-10

▶

📋Vendor Advisories

Ubuntu

ImageMagick vulnerability↗2013-09-10

▶

Red Hat

ImageMagick: One-byte heap-based buffer overflow when decoding certain GIF images↗2013-08-29

▶

Debian

CVE-2013-4298: imagemagick - The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows r...↗2013

▶

💬Community

Bugzilla

CVE-2013-4298 ImageMagick: One-byte heap-based buffer overflow when decoding certain GIF images↗2013-09-05

▶