CVE-2008-1097

Publication date 5 March 2008

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
graphicsmagick	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Not affected
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
imagemagick	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

Notes

jdstrand

tried the reproducer in the bug reports, and imagemagick not affected. Debian report says amd64 should be affected (but can’t reproduce)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
imagemagick	Vendor: https://rhn.redhat.com/errata/RHSA-2008-0145.html

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1097