ByteOS Network

NVD Vulnerability Details :

CVE-2008-1097

Modified

Source-cve@mitre.org

Published At-05 Mar, 2008 | 20:44

Updated At-29 Sep, 2017 | 01:30

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

ImageMagick Studio LLC

>>graphicsmagick>>1.1.7

cpe:2.3:a:imagemagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>graphicsmagick>>1.1.8

cpe:2.3:a:imagemagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>graphicsmagick>>1.1.9

cpe:2.3:a:imagemagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>graphicsmagick>>1.1.10

cpe:2.3:a:imagemagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>graphicsmagick>>1.1.11

cpe:2.3:a:imagemagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>graphicsmagick>>1.1.12

cpe:2.3:a:imagemagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>imagemagick>>6.2.8.0

cpe:2.3:a:imagemagick:imagemagick:6.2.8.0:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>imagemagick>>6.2.8.1

cpe:2.3:a:imagemagick:imagemagick:6.2.8.1:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>imagemagick>>6.2.8.2

cpe:2.3:a:imagemagick:imagemagick:6.2.8.2:*:*:*:*:*:*:*

ImageMagick Studio LLC

>>imagemagick>>6.2.8.3

cpe:2.3:a:imagemagick:imagemagick:6.2.8.3:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-399	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html	cve@mitre.org	N/A
http://osvdb.org/43213	cve@mitre.org	N/A
http://secunia.com/advisories/29786	cve@mitre.org	N/A
http://secunia.com/advisories/29857	cve@mitre.org	N/A
http://secunia.com/advisories/30967	cve@mitre.org	N/A
http://secunia.com/advisories/36260	cve@mitre.org	N/A
http://secunia.com/advisories/55721	cve@mitre.org	N/A
http://security.gentoo.org/glsa/glsa-201311-10.xml	cve@mitre.org	N/A
http://www.debian.org/security/2009/dsa-1858	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2008-0145.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2008-0165.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/28822	cve@mitre.org	N/A
http://www.securitytracker.com/id?1019881	cve@mitre.org	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=285861	cve@mitre.org	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History