Vulnerability CVE-2013-4589

Vulnerability Name:

CVE-2013-4589 (CCN-88057)

Assigned:

2013-03-27

Published:

2013-03-27

Updated:

2016-08-26

Summary:

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2013-4589

Source: FEDORA
Type: Third Party Advisory
FEDORA-2013-19307

Source: SUSE
Type: Third Party Advisory
SUSE-SU-2016:1614

Source: CCN
Type: oss-sec Mailing List, Fri, 15 Nov 2013 11:51:59 -0700
Re: CVE request for graphicsmagick DoS

Source: CCN
Type: SA55288
GraphicsMagick 8-bit RGBA Images Export Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
55288

Source: SECUNIA
Type: Vendor Advisory
55721

Source: GENTOO
Type: Third Party Advisory
GLSA-201311-10

Source: CONFIRM
Type: Exploit, Patch
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/

Source: CCN
Type: GraphicsMagick Web page
CMYK per-channel byte order TIFF crashes gm

Source: CONFIRM
Type: Exploit, Patch
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/

Source: CCN
Type: GraphicsMagick Web site
GraphicsMagick

Source: MLIST
Type: UNKNOWN
[oss-security] 20131115 Re: CVE request for graphicsmagick DoS

Source: BID
Type: Third Party Advisory, VDB Entry
63002

Source: CCN
Type: BID-63002
GraphicsMagick 'ExportAlphaQuantumType()' Function Denial Of Service Vulnerability

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1019085

Source: XF
Type: UNKNOWN
graphicsmagick-exportalphaquantumtype-dos(88057)

Vulnerable Configuration:

Configuration 1:

cpe:/a:novell:suse_studio_onsite:1.3:*:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*

OR cpe:/o:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*

Configuration 2:

cpe:/a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.13:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.1.14:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.4:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.5:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.6:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.7:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.2.18:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.8:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.9:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.10:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.11:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.12:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.13:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.14:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.15:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:1.3.16:*:*:*:*:*:*:*

OR cpe:/a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:* (Version <= 1.3.17)

Configuration 3:

cpe:/o:fedoraproject:fedora:18:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:graphicsmagick:graphicsmagick:1.3.17:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20134589	V	CVE-2013-4589	2021-08-15
oval:org.opensuse.security:def:27108	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26490	P	Security update for pdns (Moderate)	2020-12-01
oval:org.opensuse.security:def:27254	P	openvpn on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26820	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27157	P	kdebase4-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26554	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27892	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:26904	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26478	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:27196	P	libmspack0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26682	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27927	P	Security update for GraphicsMagick (Important)	2020-12-01
oval:org.opensuse.security:def:27055	P	x3270 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26479	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27210	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26763	P	libqt4-sql-mysql on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20134589000	V	CVE-2013-4589 on Ubuntu 12.04 LTS (precise) - medium.	2013-11-23
oval:com.ubuntu.xenial:def:201345890000000	V	CVE-2013-4589 on Ubuntu 16.04 LTS (xenial) - medium.	2013-11-23
oval:com.ubuntu.trusty:def:20134589000	V	CVE-2013-4589 on Ubuntu 14.04 LTS (trusty) - medium.	2013-11-23
oval:com.ubuntu.xenial:def:20134589000	V	CVE-2013-4589 on Ubuntu 16.04 LTS (xenial) - medium.	2013-11-23

BACK