CVE-2013-4298

ImageMagick < 6.7.8-8 - Denial of Service via Crafted GIF Comment

Title source: llm

Description

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.

References (8)

Core 8

Core References

Various Sources x_refsource_confirm

http://www.imagemagick.org/script/changelog.php

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1949-1

Issue Tracking x_refsource_confirm

https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1218248

Exploit x_refsource_confirm

http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=23921

Issue Tracking x_refsource_confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/54671

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/54581

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2013/dsa-2750

Scores

EPSS 0.0094

EPSS Percentile 76.5%

Details

CWE

CWE-119

Status published

Products (8)

imagemagick/imagemagick 6.7.8-0

imagemagick/imagemagick 6.7.8-1

imagemagick/imagemagick 6.7.8-2

imagemagick/imagemagick 6.7.8-3

imagemagick/imagemagick 6.7.8-4

imagemagick/imagemagick 6.7.8-5

imagemagick/imagemagick 6.7.8-6

imagemagick/imagemagick < 6.7.8-7

Published Sep 10, 2013

Tracked Since Feb 18, 2026