{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30879", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30879"}, {"name": "1020413", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020413"}, {"name": "graphicsmagick-multiple-dos(43511)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43511"}, {"name": "ADV-2008-1984", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1984/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=610253"}, {"name": "SUSE-SR:2008:020", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"name": "graphicsmagick-getimagecharacteristics-dos(43513)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43513"}, {"name": "32151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32151"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/forum/forum.php?forum_id=841176"}, {"name": "30055", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30055"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3134", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30879", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30879"}, {"name": "1020413", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020413"}, {"name": "graphicsmagick-multiple-dos(43511)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43511"}, {"name": "ADV-2008-1984", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1984/references"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=610253", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=610253"}, {"name": "SUSE-SR:2008:020", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"name": "graphicsmagick-getimagecharacteristics-dos(43513)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43513"}, {"name": "32151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32151"}, {"name": "http://sourceforge.net/forum/forum.php?forum_id=841176", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=841176"}, {"name": "30055", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30055"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:28:41.370Z"}, "title": "CVE Program Container", "references": [{"name": "30879", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30879"}, {"name": "1020413", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020413"}, {"name": "graphicsmagick-multiple-dos(43511)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43511"}, {"name": "ADV-2008-1984", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1984/references"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=610253"}, {"name": "SUSE-SR:2008:020", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"name": "graphicsmagick-getimagecharacteristics-dos(43513)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43513"}, {"name": "32151", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32151"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/forum/forum.php?forum_id=841176"}, {"name": "30055", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30055"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3134", "datePublished": "2008-07-10T23:00:00", "dateReserved": "2008-07-10T00:00:00", "dateUpdated": "2024-08-07T09:28:41.370Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E3834A3-8A7E-4914-A20C-EE694150D044", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96A991C-67A7-4C36-99C4-846BD2175F5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD7E2792-B4BC-4C71-990D-0B7462919568", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "10F2FD22-4058-45D6-8352-0AA6382746C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1BF103AE-6F15-4F2D-A375-F2AF91171EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65929D5C-31B1-4A70-8E9C-AC6749332480", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC45DB14-ABB2-4116-930D-349A81CDB982", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0573F148-0204-4F6B-A7B7-12DDF61C7383", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "489040F9-1992-4030-9AFC-9855CFB8C1EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A9942F4B-6608-4828-988C-2F76EB73CC48", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "12D4C9D5-2A4F-4263-943C-1F46E0BB802E", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "FAA39999-2648-4EBB-A9CD-15FBE9900E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4AD2742D-41F6-43F4-B90B-B75D54E08326", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "634E509D-7E46-43EE-BE38-7C3A7690761D", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "C656F3BD-3FB8-484C-8853-853C47BDFCE1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en GraphicsMAgick anterior a 1.2.4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda, bucle infinito o consumo de memoria) a trav\u00e9s de vectores no especificados en los decodificadores (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, y (9) TGA; y (b) la funci\u00f3n GetImageCharacteristics en magick/image.c, desde un fichero (10) PNG, (11) JPEG, (12) BMP, o (13) TIFF manipulado."}], "id": "CVE-2008-3134", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-10T23:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30879"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32151"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/forum/forum.php?forum_id=841176"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=610253"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30055"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020413"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1984/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43511"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30879"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/forum/forum.php?forum_id=841176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=610253"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1984/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43511"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43513"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3134", "lastModified": "2010-05-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "GraphicsMagick/ImageMagick: multiple crash or DoS issues", "id": "454982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454982"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file."], "name": "CVE-2008-3134", "public_date": "2008-06-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-3134\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-3134"], "statement": "We do not consider a crash of a client application such as ImageMagick to be a\nsecurity issue.", "threat_severity": "Low"}