Bugzilla – Bug 851064
VUL-1: CVE-2013-4589: GraphicsMagick: denial of service
Last modified: 2016-08-01 14:44:26 UTC
CVE-2013-4589 GraphicsMagick, a comprehensive image processing package, is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash. The vulnerability is reported in versions prior to 1.3.18; Fedora 19 already ships with 1.3.18, so it doesn't seem to be affected.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4589
https://bugzilla.redhat.com/show_bug.cgi?id=1019085
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729661
https://bugs.gentoo.org/show_bug.cgi?id=488050
https://secunia.com/advisories/55288/
http://comments.gmane.org/gmane.comp.security.oss.general/11502
bugbot adjusting priority
Affected: 12.3, 12.2, sles11. In all versions (a) we have GraphicsMagick <= 1.3.17 and (b) we are building with quantum depth 8.
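An added example, not part of this bug report or of GraphicsMagick itself, that turns the affected condition above into a check: it parses the first line of `gm version` output for the version number and the Q8/Q16 quantum-depth tag, and flags a build as affected only when the version is below 1.3.18 (the first fixed release) and the depth tag is Q8. The `gm version` line format and the sample lines are constructed assumptions, not captured output.

```shell
#!/bin/sh
# Added example, not part of the bug report: flag a GraphicsMagick build as
# affected by CVE-2013-4589 when BOTH conditions from the bug hold:
#   version below 1.3.18 (i.e. <= 1.3.17) AND built with quantum depth 8.
# Input is the first line of `gm version`, assumed to look like
# "GraphicsMagick <version> <date> Q<depth> <url>" (format is an assumption).

# version_lt A B: succeed if dotted version A is numerically below B.
# ".0.0" is appended so short versions such as "1.3" still yield three fields.
version_lt() {
  i=1
  while [ "$i" -le 3 ]; do
    a=$(printf '%s.0.0\n' "$1" | cut -d. -f"$i" | sed 's/[^0-9].*$//')
    b=$(printf '%s.0.0\n' "$2" | cut -d. -f"$i" | sed 's/[^0-9].*$//')
    a=${a:-0}; b=${b:-0}
    if [ "$a" -lt "$b" ]; then return 0; fi
    if [ "$a" -gt "$b" ]; then return 1; fi
    i=$((i + 1))
  done
  return 1   # equal versions are not "less than"
}

# gm_affected LINE: 0 if affected, 1 if not, 2 if LINE is not gm version output.
gm_affected() {
  ver=$(printf '%s\n' "$1" | awk '$1 == "GraphicsMagick" { print $2; exit }')
  depth=$(printf '%s\n' "$1" |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^Q[0-9]+$/) { print $i; exit } }')
  [ -n "$ver" ] || return 2
  if version_lt "$ver" 1.3.18 && [ "$depth" = "Q8" ]; then
    return 0
  fi
  return 1
}

# Constructed sample lines (not captured from real systems; dates are placeholders).
AFFECTED_SAMPLE='GraphicsMagick 1.3.17 2013-01-01 Q8 http://www.GraphicsMagick.org/'
FIXED_SAMPLE='GraphicsMagick 1.3.18 2013-01-01 Q8 http://www.GraphicsMagick.org/'
Q16_SAMPLE='GraphicsMagick 1.3.17 2013-01-01 Q16 http://www.GraphicsMagick.org/'

for line in "$AFFECTED_SAMPLE" "$FIXED_SAMPLE" "$Q16_SAMPLE"; do
  if gm_affected "$line"; then
    printf 'AFFECTED:     %s\n' "$line"
  else
    printf 'not affected: %s\n' "$line"
  fi
done
```

To check a live host, pass `"$(gm version | head -n 1)"` to `gm_affected`; a Q16 build or any version from 1.3.18 up is reported as not affected.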
Created attachment 568467: patch against GraphicsMagick 1.2.5
CVE-2013-4589: CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:N/A:P): Insufficient Information (CWE-noinfo)
Package submitted.
SUSE-SU-2016:1614-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 851064, 965574, 982178
CVE References: CVE-2013-4589, CVE-2015-8808, CVE-2016-5118
Sources used:
SUSE Studio Onsite 1.3 (src): GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): GraphicsMagick-1.2.5-4.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): GraphicsMagick-1.2.5-4.38.1
released