CVE-2008-1096 (retired)

Priority
Description
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick
6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap
write, possibly related to the ScaleCharToQuantum function.
Notes
 jdstrand> Debian and Red Hat bugs have test cases
Assigned-to
mdeslaur
Package
Upstream: released (1.3.5-5.1)
Package
Upstream: needs-triage
Patches:
Vendor: https://rhn.redhat.com/errata/RHSA-2008-0145.html
More Information

Updated: 2019-09-19 15:11:26 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)