CVE-2013-4589
First published: Tue Oct 15 2013(Updated: )
GraphicsMagick, a comprehensive image processing package, is found to have a vulnerability which can be exploited by malicious people to cause a Denial of Service (DoS). The vulnerability is caused due to an error within the "ExportAlphaQuantumType()" function found in magick/export.c when exporting 8-bit RGBA images, which can be exploited to cause a crash. The vulnerability is reported in versions prior to 1.3.18, Fedora 19 already ships with 1.3.18, so it doesn't seem to be affected. References: <a href="https://bugs.gentoo.org/show_bug.cgi?id=488050">https://bugs.gentoo.org/show_bug.cgi?id=488050</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/graphicsmagick | <1.3.18 | 1.3.18 |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp4 | |
| SUSE Studio Onsite Appliance | =1.3 | |
| SUSE Linux Enterprise Debuginfo | =11-sp4 | |
| ImageMagick | <=1.3.17 | |
| ImageMagick | =1.0 | |
| ImageMagick | =1.0.1 | |
| ImageMagick | =1.0.2 | |
| ImageMagick | =1.0.3 | |
| ImageMagick | =1.0.4 | |
| ImageMagick | =1.0.5 | |
| ImageMagick | =1.0.6 | |
| ImageMagick | =1.1 | |
| ImageMagick | =1.1.1 | |
| ImageMagick | =1.1.2 | |
| ImageMagick | =1.1.3 | |
| ImageMagick | =1.1.4 | |
| ImageMagick | =1.1.5 | |
| ImageMagick | =1.1.6 | |
| ImageMagick | =1.1.7 | |
| ImageMagick | =1.1.8 | |
| ImageMagick | =1.1.9 | |
| ImageMagick | =1.1.10 | |
| ImageMagick | =1.1.11 | |
| ImageMagick | =1.1.12 | |
| ImageMagick | =1.1.13 | |
| ImageMagick | =1.1.14 | |
| ImageMagick | =1.2.1 | |
| ImageMagick | =1.2.2 | |
| ImageMagick | =1.2.3 | |
| ImageMagick | =1.2.4 | |
| ImageMagick | =1.2.5 | |
| ImageMagick | =1.2.6 | |
| ImageMagick | =1.2.7 | |
| ImageMagick | =1.2.18 | |
| ImageMagick | =1.3.8 | |
| ImageMagick | =1.3.9 | |
| ImageMagick | =1.3.10 | |
| ImageMagick | =1.3.11 | |
| ImageMagick | =1.3.12 | |
| ImageMagick | =1.3.13 | |
| ImageMagick | =1.3.14 | |
| ImageMagick | =1.3.15 | |
| ImageMagick | =1.3.16 | |
| Fedora | =18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
- http://secunia.com/advisories/55288
- http://secunia.com/advisories/55721
- http://security.gentoo.org/glsa/glsa-201311-10.xml
- http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
- http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
- http://www.openwall.com/lists/oss-security/2013/11/15/14
- http://www.securityfocus.com/bid/63002
- https://bugzilla.redhat.com/show_bug.cgi?id=1019085
Frequently Asked Questions
What is the severity of CVE-2013-4589?
CVE-2013-4589 is classified as a Denial of Service (DoS) vulnerability.
How do I fix CVE-2013-4589?
To fix CVE-2013-4589, upgrade GraphicsMagick to version 1.3.18 or later.
What versions of GraphicsMagick are affected by CVE-2013-4589?
Versions of GraphicsMagick up to 1.3.17 are affected by CVE-2013-4589.
Are there any specific distributions affected by CVE-2013-4589?
CVE-2013-4589 affects several distributions including Red Hat and SUSE Linux.
What component is responsible for the vulnerability CVE-2013-4589?
The vulnerability CVE-2013-4589 is caused by an error in the 'ExportAlphaQuantumType()' function in GraphicsMagick.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-4589
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/novell
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp4
- canonical/suse studio onsite appliance
- version/suse studio onsite appliance/1.3
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp4
- vendor/graphicsmagick
- canonical/imagemagick
- version/imagemagick/1.3.17
- version/imagemagick/1.0
- version/imagemagick/1.0.1
- version/imagemagick/1.0.2
- version/imagemagick/1.0.3
- version/imagemagick/1.0.4
- version/imagemagick/1.0.5
- version/imagemagick/1.0.6
- version/imagemagick/1.1
- version/imagemagick/1.1.1
- version/imagemagick/1.1.2
- version/imagemagick/1.1.3
- version/imagemagick/1.1.4
- version/imagemagick/1.1.5
- version/imagemagick/1.1.6
- version/imagemagick/1.1.7
- version/imagemagick/1.1.8
- version/imagemagick/1.1.9
- version/imagemagick/1.1.10
- version/imagemagick/1.1.11
- version/imagemagick/1.1.12
- version/imagemagick/1.1.13
- version/imagemagick/1.1.14
- version/imagemagick/1.2.1
- version/imagemagick/1.2.2
- version/imagemagick/1.2.3
- version/imagemagick/1.2.4
- version/imagemagick/1.2.5
- version/imagemagick/1.2.6
- version/imagemagick/1.2.7
- version/imagemagick/1.2.18
- version/imagemagick/1.3.8
- version/imagemagick/1.3.9
- version/imagemagick/1.3.10
- version/imagemagick/1.3.11
- version/imagemagick/1.3.12
- version/imagemagick/1.3.13
- version/imagemagick/1.3.14
- version/imagemagick/1.3.15
- version/imagemagick/1.3.16
- vendor/fedoraproject
- canonical/fedora
- version/fedora/18