CVE-2013-4589

EUVD-2013-4447
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
novellsuse_linux_enterprise_software_development_kit
11.0:sp4
novellsuse_studio_onsite
1.3
graphicsmagickgraphicsmagick
𝑥
≤ 1.3.17
graphicsmagickgraphicsmagick
1.0
graphicsmagickgraphicsmagick
1.0.1
graphicsmagickgraphicsmagick
1.0.2
graphicsmagickgraphicsmagick
1.0.3
graphicsmagickgraphicsmagick
1.0.4
graphicsmagickgraphicsmagick
1.0.5
graphicsmagickgraphicsmagick
1.0.6
graphicsmagickgraphicsmagick
1.1
graphicsmagickgraphicsmagick
1.1.1
graphicsmagickgraphicsmagick
1.1.2
graphicsmagickgraphicsmagick
1.1.3
graphicsmagickgraphicsmagick
1.1.4
graphicsmagickgraphicsmagick
1.1.5
graphicsmagickgraphicsmagick
1.1.6
graphicsmagickgraphicsmagick
1.1.7
graphicsmagickgraphicsmagick
1.1.8
graphicsmagickgraphicsmagick
1.1.9
graphicsmagickgraphicsmagick
1.1.10
graphicsmagickgraphicsmagick
1.1.11
graphicsmagickgraphicsmagick
1.1.12
graphicsmagickgraphicsmagick
1.1.13
graphicsmagickgraphicsmagick
1.1.14
graphicsmagickgraphicsmagick
1.2.1
graphicsmagickgraphicsmagick
1.2.2
graphicsmagickgraphicsmagick
1.2.3
graphicsmagickgraphicsmagick
1.2.4
graphicsmagickgraphicsmagick
1.2.5
graphicsmagickgraphicsmagick
1.2.6
graphicsmagickgraphicsmagick
1.2.7
graphicsmagickgraphicsmagick
1.2.18
graphicsmagickgraphicsmagick
1.3.8
graphicsmagickgraphicsmagick
1.3.9
graphicsmagickgraphicsmagick
1.3.10
graphicsmagickgraphicsmagick
1.3.11
graphicsmagickgraphicsmagick
1.3.12
graphicsmagickgraphicsmagick
1.3.13
graphicsmagickgraphicsmagick
1.3.14
graphicsmagickgraphicsmagick
1.3.15
graphicsmagickgraphicsmagick
1.3.16
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
graphicsmagick
bookworm
1.4+really1.3.40-4
fixed
bullseye
1.4+really1.3.36+hg16481-2+deb11u1
fixed
bullseye (security)
1.4+really1.3.36+hg16481-2+deb11u1
fixed
sid
1.4+really1.3.45-1
fixed
squeeze
no-dsa
trixie
1.4+really1.3.45-1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
graphicsmagick
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
not-affected
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
References
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
http://secunia.com/advisories/55288
http://secunia.com/advisories/55721
http://security.gentoo.org/glsa/glsa-201311-10.xml
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
http://www.openwall.com/lists/oss-security/2013/11/15/14
http://www.securityfocus.com/bid/63002
https://bugzilla.redhat.com/show_bug.cgi?id=1019085
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
http://secunia.com/advisories/55288
http://secunia.com/advisories/55721
http://security.gentoo.org/glsa/glsa-201311-10.xml
http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144/
http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b/
http://www.openwall.com/lists/oss-security/2013/11/15/14
http://www.securityfocus.com/bid/63002
https://bugzilla.redhat.com/show_bug.cgi?id=1019085