CVE-2008-1097
Published: 5 March 2008
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
Notes
Author | Note |
---|---|
jdstrand | tried the reproducer in the bug reports, and imagemagick not affected. Debian report says amd64 should be affected (but can't reproduce) |
Priority
Status
Package | Release | Status |
---|---|---|
graphicsmagick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
upstream |
Needs triage
|
|
imagemagick Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
edgy |
Not vulnerable
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
upstream |
Needs triage
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2008-0145.html |