Lucene search
Ubuntu.comUB:CVE-2008-1096HistoryMar 05, 2008 - 12:00 a.m.
CVE-2008-1096
2008-03-0500:00:00
ubuntu.com
ubuntu.com
16
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.043
Percentile
92.5%
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick
6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap
write, possibly related to the ScaleCharToQuantum function.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370>
- <https://bugzilla.redhat.com/show_bug.cgi?id=286411>
Notes
| Author | Note |
|---|---|
| jdstrand | Debian and Redhat bugs have test cases |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 9.04 | noarch | graphicsmagick | <Β 1.1.11-3.2+lenny1build0.9.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | graphicsmagick | <Β 1.3.5-5.1 | UNKNOWN |
| ubuntu | 10.04 | noarch | graphicsmagick | <Β 1.3.5-5.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | graphicsmagick | <Β 1.3.5-5.1 | UNKNOWN |
| ubuntu | 11.04 | noarch | graphicsmagick | <Β 1.3.5-5.1 | UNKNOWN |
| ubuntu | 11.10 | noarch | graphicsmagick | <Β 1.3.5-5.1 | UNKNOWN |
| ubuntu | 6.06 | noarch | imagemagick | <Β 6:6.2.4.5-0.6ubuntu0.8 | UNKNOWN |
| ubuntu | 7.10 | noarch | imagemagick | <Β 7:6.2.4.5.dfsg1-2ubuntu1.1 | UNKNOWN |
Related
openvas
openvas
Ubuntu Update for imagemagick vulnerability USN-681-1
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-681-1)
2009-03-23 00:00:00
Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
2009-04-09 00:00:00
cvelist
cvelist
CVE-2008-1096
2008-03-05 20:00:00
prion
prion
Heap overflow
2008-03-05 20:44:00
debiancve
debiancve
CVE-2008-1096
2008-03-05 20:44:00
cve
cve
CVE-2008-1096
2008-03-05 20:44:00
nessus
nessus
Ubuntu 6.06 LTS / 7.10 : imagemagick vulnerability (USN-681-1)
2009-04-23 00:00:00
Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:099)
2009-04-23 00:00:00
openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5276)
2008-07-02 00:00:00
ubuntu
ubuntu
ImageMagick vulnerability
2008-12-01 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:20:13
nvd
nvd
CVE-2008-1096
2008-03-05 20:44:00
seebug
seebug
ImageMagick XCFεPCXζδ»Άε€ηε ζΊ’εΊζΌζ΄
2008-04-19 00:00:00
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2012-03-01 00:00:00
ImageMagick security update
2008-04-17 00:00:00
centos
centos
ImageMagick security update
2008-04-17 15:52:20
redhat
redhat
(RHSA-2008:0145) Moderate: ImageMagick security update
2008-04-16 00:00:00
debian
debian
osv
osv
imagemagick - several vulnerabilities
2009-08-10 00:00:00
graphicsmagick - several
2009-10-07 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.043
Percentile
92.5%
Related for UB:CVE-2008-1096