CVE-2015-8808 - OpenCVE

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Graphicsmagick	Graphicsmagick
Suse	Linux Enterprise Debuginfo Linux Enterprise Software Development Kit Studio Onsite

Configuration 1 [-]

cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
	cpe:2.3:a:suse:studio_onsite:1.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2
http://www.debian.org/security/2016/dsa-3746
http://www.openwall.com/lists/oss-security/2016/02/06/1
http://www.openwall.com/lists/oss-security/2016/02/06/3
http://www.securityfocus.com/bid/83058

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-07-13T15:00:00

Updated: 2024-08-06T08:29:21.988Z

Reserved: 2016-02-06T00:00:00

Link: CVE-2015-8808

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-07-13T15:59:00.137

Modified: 2017-11-04T01:29:13.833

Link: CVE-2015-8808

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160206 CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/02/06/1"}, {"name": "FEDORA-2016-49bf88cd29", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html"}, {"name": "83058", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/83058"}, {"name": "SUSE-SU-2016:1614", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html"}, {"name": "[graphicsmagick-commit] 20150202 [GM-commit] GraphicsMagick: Assure that GIF decoder does not use unitialized...", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2"}, {"name": "DSA-3746", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3746"}, {"name": "[oss-security] 20160206 Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/02/06/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8808", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160206 CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/06/1"}, {"name": "FEDORA-2016-49bf88cd29", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html"}, {"name": "83058", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83058"}, {"name": "SUSE-SU-2016:1614", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html"}, {"name": "[graphicsmagick-commit] 20150202 [GM-commit] GraphicsMagick: Assure that GIF decoder does not use unitialized...", "refsource": "MLIST", "url": "http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2"}, {"name": "DSA-3746", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3746"}, {"name": "[oss-security] 20160206 Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/02/06/3"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:29:21.988Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20160206 CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/02/06/1"}, {"name": "FEDORA-2016-49bf88cd29", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html"}, {"name": "83058", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/83058"}, {"name": "SUSE-SU-2016:1614", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html"}, {"name": "[graphicsmagick-commit] 20150202 [GM-commit] GraphicsMagick: Assure that GIF decoder does not use unitialized...", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2"}, {"name": "DSA-3746", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3746"}, {"name": "[oss-security] 20160206 Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/02/06/3"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8808", "datePublished": "2016-07-13T15:00:00", "dateReserved": "2016-02-06T00:00:00", "dateUpdated": "2024-08-06T08:29:21.988Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "999B6EE4-DCDB-4C23-B9E0-F8A62542DB69", "versionEndIncluding": "1.3.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "74BCA435-7594-49E8-9BAE-9E02E129B6C0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file."}, {"lang": "es", "value": "La funci\u00f3n DecodeImage en coders/gif.c en GraphicsMagick 1.3.18 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (acceso a memoria no inicializada) a trav\u00e9s de un archivo GIF manipulado."}], "id": "CVE-2015-8808", "lastModified": "2017-11-04T01:29:13.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-13T15:59:00.137", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3746"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/02/06/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/02/06/3"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/83058"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}