CVE-2008-3134 - Resource Management Errors vulnerability in GraphicsMagick
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1903.NASL |
description | Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems : |
- CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).
- CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).
- CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).
- CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).
- CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).
- CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).
- CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file.
- CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image.
- CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.
- CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images.
- CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images.
- CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44768 |
published | 2010-02-24 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/44768 |
title | Debian DSA-1903-1 : graphicsmagick - several vulnerabilities |
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-1903. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(44768);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:22");

      script_cve_id("CVE-2007-1667", "CVE-2007-1797", "CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2008-1096", "CVE-2008-3134", "CVE-2008-6070", "CVE-2008-6071", "CVE-2008-6072", "CVE-2008-6621", "CVE-2009-1882");
      script_xref(name:"DSA", value:"1903");

      script_name(english:"Debian DSA-1903-1 : graphicsmagick - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tool, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems :

      - CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).

      - CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).

      - CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).

      - CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).

      - CVE-2007-4988 A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).

      - CVE-2008-1096 The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).

      - CVE-2008-3134 Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file.

      - CVE-2008-6070 Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image.

      - CVE-2008-6071 Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.

      - CVE-2008-6072 Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images.

      - CVE-2008-6621 Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images.

      - CVE-2009-1882 Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow."
      );
      script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370");
      script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417862");
      script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444266");
      script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=491439");
      script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530946");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-1667");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-1797");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4985");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4986");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2007-4988");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-1096");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-3134");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-6070");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-6071");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-6072");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2008-6621");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-1882");
      script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1903");
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the graphicsmagick packages.

    For the oldstable distribution (etch), these problems have been fixed in version 1.1.7-13+etch1.

    For the stable distribution (lenny), these problems have been fixed in version 1.1.11-3.2+lenny1.

    For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.3.5-5.1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189, 399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:graphicsmagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"4.0", prefix:"graphicsmagick", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"graphicsmagick-dbg", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"graphicsmagick-imagemagick-compat", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"graphicsmagick-libmagick-dev-compat", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphics-magick-perl", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick++1", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick++1-dev", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick1", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"libgraphicsmagick1-dev", reference:"1.1.7-13+etch1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick-dbg", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick-imagemagick-compat", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"graphicsmagick-libmagick-dev-compat", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphics-magick-perl", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick++1", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick++1-dev", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick1", reference:"1.1.11-3.2+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libgraphicsmagick1-dev", reference:"1.1.11-3.2+lenny1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_GRAPHICSMAGICK-080929.NASL |
description | Specially crafted image files could crash GraphicsMagick (CVE-2008-3134). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39878 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39878 |
title | openSUSE Security Update : GraphicsMagick (GraphicsMagick-229) |
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update GraphicsMagick-229.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(39878);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:31");

      script_cve_id("CVE-2008-3134");

      script_name(english:"openSUSE Security Update : GraphicsMagick (GraphicsMagick-229)");
      script_summary(english:"Check for the GraphicsMagick-229 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Specially crafted image files could crash GraphicsMagick (CVE-2008-3134)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=408852"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected GraphicsMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE11.0", reference:"GraphicsMagick-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"GraphicsMagick-devel-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagick++-devel-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagick++1-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagick1-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"libGraphicsMagickWand0-1.1.11-29.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"perl-GraphicsMagick-1.1.11-29.2") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-devel / libGraphicsMagick++-devel / etc");
    }

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GRAPHICSMAGICK-5646.NASL |
description | Specially crafted image files could crash GraphicsMagick (CVE-2008-3134). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34317 |
published | 2008-10-01 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34317 |
title | openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5646) |
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update GraphicsMagick-5646.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(34317);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:31");

      script_cve_id("CVE-2008-3134");

      script_name(english:"openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5646)");
      script_summary(english:"Check for the GraphicsMagick-5646 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Specially crafted image files could crash GraphicsMagick (CVE-2008-3134)."
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected GraphicsMagick packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(399);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-c++");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-c++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:GraphicsMagick-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick++1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagick1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libGraphicsMagickWand0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-GraphicsMagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

      script_set_attribute(attribute:"patch_publication_date", value:"2008/09/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/01");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-c++-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-c++-devel-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"GraphicsMagick-devel-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"perl-GraphicsMagick-1.1.7-35.9") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"GraphicsMagick-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"GraphicsMagick-devel-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagick++-devel-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagick++1-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagick1-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"libGraphicsMagickWand0-1.1.8-20.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"perl-GraphicsMagick-1.1.8-20.6") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GraphicsMagick / GraphicsMagick-c++ / GraphicsMagick-c++-devel / etc");
    }

Statements
contributor | Mark J Cox |
lastmodified | 2010-05-14 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-3134 |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
- http://secunia.com/advisories/30879
- http://secunia.com/advisories/32151
- http://sourceforge.net/forum/forum.php?forum_id=841176
- http://sourceforge.net/project/shownotes.php?release_id=610253
- http://www.securityfocus.com/bid/30055
- http://www.securitytracker.com/id?1020413
- http://www.vupen.com/english/advisories/2008/1984/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43511
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43513