Vulnerability CVE-2008-6621 - CERT Civis.Net

Vulnerability Name:

CVE-2008-6621 (CCN-49707)

Assigned:

2008-06-05

Published:

2008-06-05

Updated:

2009-04-14

Summary:

Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images.
Note: some of these details are obtained from third party information.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2008-6621

Source: CONFIRM
Type: UNKNOWN
http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/dpx.c

Source: OSVDB
Type: UNKNOWN
46258

Source: CCN
Type: SA30549
GraphicsMagick Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30549

Source: CCN
Type: SourceForge.net: Files
GraphicsMagick, File Release Notes and Changelog, Release Name: 1.2.3

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=604837

Source: DEBIAN
Type: DSA-1903
graphicsmagick -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 46258
GraphicsMagick DPX Image Handling Unspecified DoS

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1767

Source: XF
Type: UNKNOWN
graphicsmagick-dpx-dos(49707)

Vulnerable Configuration:

Configuration 1:

cpe:/a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.18:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.18:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.2:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:7485	P	DSA-1903 graphicsmagick -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:19472	P	DSA-1903-1 graphicsmagick - several	2014-06-23
oval:org.debian:def:1903	V	several vulnerabilities	2009-10-07