CVE-2013-4589 — Graphicsmagick vulnerability

6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

2.5%

top 14.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Graphicsmagick Fedoraproject Fedora Novell Suse Linux Enterprise Debuginfo +2 more

Timeline

PublishedNov 23

Latest updateMay 17

Description

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶Debiangraphicsmagick/graphicsmagick< 1.3.18-1+3

▶NVDgraphicsmagick/graphicsmagick1.3.17+39

▶NVDnovell/suse_studio_onsite1.3

▶NVDnovell/suse_linux_enterprise_debuginfo11

▶NVDnovell/suse_linux_enterprise_software_development_kit11.0

Also affects: Fedora 18

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-vj5h-42mr-vg2g: The ExportAlphaQuantumType function in export↗2022-05-17

▶

OSV

CVE-2013-4589: The ExportAlphaQuantumType function in export↗2013-11-23

▶

CVEList

CVE-2013-4589: The ExportAlphaQuantumType function in export↗2013-11-23

▶

📋Vendor Advisories

Debian

CVE-2013-4589: graphicsmagick - The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 ...↗2013

▶

💬Community

Bugzilla

CVE-2013-4589 graphicsmagick: 8-bit RGBA images export DoS vulnerability↗2013-10-15

▶