CVE - CVE-2008-1096

CVE-ID
CVE-2008-1096	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:28821 URL:http://www.securityfocus.com/bid/28821 DEBIAN:DSA-1858 URL:http://www.debian.org/security/2009/dsa-1858 MANDRIVA:MDVSA-2008:099 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:099~~ (Obsolete source) MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=286411 OSVDB:43212 URL:~~http://osvdb.org/43212~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10843 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843 REDHAT:RHSA-2008:0145 URL:http://www.redhat.com/support/errata/RHSA-2008-0145.html SECTRACK:1019880 URL:http://www.securitytracker.com/id?1019880 SECUNIA:29786 URL:http://secunia.com/advisories/29786 SECUNIA:30967 URL:http://secunia.com/advisories/30967 SECUNIA:32945 URL:http://secunia.com/advisories/32945 SECUNIA:36260 URL:http://secunia.com/advisories/36260 SUSE:SUSE-SR:2008:014 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html UBUNTU:USN-681-1 URL:http://www.ubuntu.com/usn/USN-681-1 XF:imagemagick-loadtile-code-execution(41194) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
Assigning CNA
MITRE Corporation
Date Record Created
20080228	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080228)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)