Vulnerability Description
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux Enterprise Software Development Kit | 11.0 |
| Novell | Suse Studio Onsite | 1.3 |
| Novell | Suse Linux Enterprise Debuginfo | 11 |
| Graphicsmagick | Graphicsmagick | <= 1.3.17 |
| Fedoraproject | Fedora | 18 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.h (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html (Third Party Advisory)
- http://secunia.com/advisories/55288 (Vendor Advisory)
- http://secunia.com/advisories/55721 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201311-10.xml (Third Party Advisory)
- http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39 (Exploit, Patch)
- http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/ (Exploit, Patch)
- http://www.openwall.com/lists/oss-security/2013/11/15/14
- http://www.securityfocus.com/bid/63002 (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=1019085 (Issue Tracking)
FAQ
What is CVE-2013-4589?
CVE-2013-4589 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit...
How severe is CVE-2013-4589?
CVE-2013-4589 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4589?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Novell Suse Studio Onsite, Novell Suse Linux Enterprise Debuginfo, Graphicsmagick Graphicsmagick, Fedoraproject Fedora.