Denial of Service Vulnerability in GraphicsMagick by Artifex Software
CVE-2013-4589

Currently unrated

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Debuginfo; Suse Studio Onsite; Suse Linux Enterprise Software Development Kit
Vendor: CVE Published:; 23 November 2013

Summary

A vulnerability exists in the ExportAlphaQuantumType function within the export.c file of GraphicsMagick, prior to version 1.3.18. This flaw can be exploited by remote attackers to trigger a denial of service condition, specifically causing an unexpected crash when the software attempts to export the alpha channel from an 8-bit RGBA image. Attackers may exploit this vulnerability by sending specially crafted image files, leading to service interruptions.

References

http://security.gentoo.org/glsa/glsa-201311-10.xml

vendor-advisoryx_refsource_GENTOO

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/55721

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 23, 2013
Vulnerability Reserved
Jun 12, 2013