Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 483032 (CVE-2013-4298) - <media-gfx/imagemagick- GIF Comments Handling Denial of Service Vulnerability (CVE-2013-4298)
Summary: <media-gfx/imagemagick- GIF Comments Handling Denial of Service Vulne...
Alias: CVE-2013-4298
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2013-08-30 15:48 UTC by Agostino Sarubbo
Modified: 2014-05-17 14:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-08-30 15:48:55 UTC
From ${URL} :


A vulnerability has been reported in ImageMagick, which can be exploited by malicious people to 
cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "ReadGIFImage()" function (coders/gif.c) 
when handling the comments extension in GIF files and can be exploited to corrupt memory.

The vulnerability is reported in versions prior to 6.7.8-8.

Update to version 6.7.8-8.

Provided and/or discovered by:
Holger Seelig

Original Advisory:

Holger Seelig:

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-09-13 15:50:00 UTC
CVE-2013-4298 (
  The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8
  allows remote attackers to cause a denial of service (memory corruption and
  application crash) via a crafted comment in a GIF image.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-05 22:39:11 UTC
Stable version is unaffected. @maintainers: cleanup please, timeout 30 days. Added to existing GLSA request.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-05-17 14:40:54 UTC
This issue was resolved and addressed in
 GLSA 201405-09 at
by GLSA coordinator Chris Reffett (creffett).