CVE-2008-1096 - Buffer Errors vulnerability in Imagemagick Graphicsmagick and Imagemagick

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, imagemagick, CWE-119, nessus

Summary

The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-681-1.NASL
    description: It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36745
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/36745
    title: Ubuntu 6.06 LTS / 7.10 : imagemagick vulnerability (USN-681-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-681-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(36745);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2008-1096");
      script_bugtraq_id(28821);
      script_xref(name:"USN", value:"681-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 7.10 : imagemagick vulnerability (USN-681-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that ImageMagick did not correctly handle certain
    malformed XCF images. If a user were tricked into opening a specially
    crafted image with an application that uses ImageMagick, an attacker
    could cause a denial of service and possibly execute arbitrary code
    with the user's privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/681-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:imagemagick");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++9-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick++9c2a");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagick9-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perlmagick");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"imagemagick", pkgver:"6:6.2.4.5-0.6ubuntu0.8")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick++9-dev", pkgver:"6.2.4.5-0.6ubuntu0.8")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick++9c2a", pkgver:"6.2.4.5-0.6ubuntu0.8")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick9", pkgver:"6.2.4.5-0.6ubuntu0.8")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"libmagick9-dev", pkgver:"6.2.4.5-0.6ubuntu0.8")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"perlmagick", pkgver:"6.2.4.5-0.6ubuntu0.8")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"imagemagick", pkgver:"7:6.2.4.5.dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"libmagick++9-dev", pkgver:"6.2.4.5.dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"libmagick++9c2a", pkgver:"6.2.4.5.dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"libmagick9", pkgver:"6.2.4.5.dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"libmagick9-dev", pkgver:"6.2.4.5.dfsg1-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"perlmagick", pkgver:"6.2.4.5.dfsg1-2ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imagemagick / libmagick++9-dev / libmagick++9c2a / libmagick9 / etc");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0145.NASL
    description: Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31995
    published: 2008-04-22
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/31995
    title: CentOS 3 / 4 / 5 : ImageMagick (CESA-2008:0145)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-099.NASL
    description: A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick (CVE-2008-1096). Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick (CVE-2008-1097). The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37739
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37739
    title: Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:099)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1903.NASL
    description: Several vulnerabilities have been discovered in graphicsmagick, a collection of image processing tools, which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-1667: Multiple integer overflows in XInitImage function in xwd.c for GraphicsMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).
      - CVE-2007-1797: Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).
      - CVE-2007-4985: A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).
      - CVE-2007-4986: Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).
      - CVE-2007-4988: A sign extension error allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. It affects only the oldstable distribution (etch).
      - CVE-2008-1096: The load_tile function in the XCF coder allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write. It affects only oldstable (etch).
      - CVE-2008-3134: Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS, MTV, PALM, RLA, and TGA decoder readers; and the GetImageCharacteristics function in magick/image.c, as reachable from a crafted PNG, JPEG, BMP, or TIFF file.
      - CVE-2008-6070: Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image.
      - CVE-2008-6071: Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.
      - CVE-2008-6072: Multiple vulnerabilities in GraphicsMagick allow remote attackers to cause a denial of service (crash) via vectors in XCF and CINEON images.
      - CVE-2008-6621: Vulnerability in GraphicsMagick allows remote attackers to cause a denial of service (crash) via vectors in DPX images.
      - CVE-2009-1882: Integer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44768
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44768
    title: Debian DSA-1903-1 : graphicsmagick - several vulnerabilities
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0145.NASL
    description: From Red Hat Security Advisory 2008:0145 : Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67656
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67656
    title: Oracle Linux 3 / 4 / 5 : ImageMagick (ELSA-2008-0145)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_GRAPHICSMAGICK-5276.NASL
    description: GraphicsMagick is affected by two security problems:
      - CVE-2008-1096: Buffer overflow in the handling of XCF files
      - CVE-2008-1097: Heap buffer overflow in the handling of PCX files
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33378
    published: 2008-07-02
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33378
    title: openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5276)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080416_IMAGEMAGICK_ON_SL3_X.NASL
    description: Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60382
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60382
    title: Scientific Linux Security Update : ImageMagick on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1858.NASL
    description: Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2007-1667: Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).
      - CVE-2007-1797: Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).
      - CVE-2007-4985: A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).
      - CVE-2007-4986: Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).
      - CVE-2007-4987: Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44723
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44723
    title: Debian DSA-1858-1 : imagemagick - multiple vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0145.NASL
    description: Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31984
    published: 2008-04-18
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/31984
    title: RHEL 3 / 4 / 5 : ImageMagick (RHSA-2008:0145)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_IMAGEMAGICK-5278.NASL
    description: ImageMagick and GraphicsMagick are affected by two security problems:
      - Buffer overflow in the handling of XCF files. (CVE-2008-1096)
      - CVE-2008-1097: Heap buffer overflow in the handling of PCX files.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33380
    published: 2008-07-02
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33380
    title: SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 5278)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_IMAGEMAGICK-5277.NASL
    description: ImageMagick is affected by two security problems:
      - CVE-2008-1096: Buffer overflow in the handling of XCF files
      - CVE-2008-1097: Heap buffer overflow in the handling of PCX files
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33379
    published: 2008-07-02
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33379
    title: openSUSE 10 Security Update : ImageMagick (ImageMagick-5277)

Oval

accepted: 2013-04-29T04:09:16.605-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
family: unix
id: oval:org.mitre.oval:def:10843
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
version: 27

Redhat

advisories
rhsa
id: RHSA-2008:0145
rpms
  • ImageMagick-0:5.5.6-28
  • ImageMagick-0:6.0.7.1-17.el4_6.1
  • ImageMagick-0:6.2.8.0-4.el5_1.1
  • ImageMagick-c++-0:5.5.6-28
  • ImageMagick-c++-0:6.0.7.1-17.el4_6.1
  • ImageMagick-c++-0:6.2.8.0-4.el5_1.1
  • ImageMagick-c++-devel-0:5.5.6-28
  • ImageMagick-c++-devel-0:6.0.7.1-17.el4_6.1
  • ImageMagick-c++-devel-0:6.2.8.0-4.el5_1.1
  • ImageMagick-debuginfo-0:5.5.6-28
  • ImageMagick-debuginfo-0:6.0.7.1-17.el4_6.1
  • ImageMagick-debuginfo-0:6.2.8.0-4.el5_1.1
  • ImageMagick-devel-0:5.5.6-28
  • ImageMagick-devel-0:6.0.7.1-17.el4_6.1
  • ImageMagick-devel-0:6.2.8.0-4.el5_1.1
  • ImageMagick-perl-0:5.5.6-28
  • ImageMagick-perl-0:6.0.7.1-17.el4_6.1
  • ImageMagick-perl-0:6.2.8.0-4.el5_1.1

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 28822, 28821. CVE(CAN) ID: CVE-2008-1097, CVE-2008-1096. ImageMagick is an open-source image viewing and editing tool for Unix/Linux platforms. A heap overflow vulnerability exists in the way ImageMagick parses XCF files: if a specially crafted XCF image is opened, ImageMagick may overwrite heap memory outside the allocated memory region, which may allow an attacker to execute arbitrary instructions on the machine running ImageMagick. A heap overflow vulnerability exists in the way ImageMagick processes certain malformed PCX images: if a victim opens a specially crafted PCX file, the attacker can execute arbitrary instructions on the victim's machine. ImageMagick ImageMagick 6.2.8-0; ImageMagick ImageMagick 6.2.4-5. RedHat: RedHat has released security advisories (RHSA-2008:0165-01/RHSA-2008:0145-01) and corresponding patches. RHSA-2008:0165-01: Moderate: ImageMagick security update, link: https://www.redhat.com/support/errata/RHSA-2008-0165.html. RHSA-2008:0145-01: Moderate: ImageMagick security update, link: https://www.redhat.com/support/errata/RHSA-2008-0145.html
id: SSV:3189
last seen: 2017-11-19
modified: 2008-04-19
published: 2008-04-19
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-3189
title: ImageMagick XCF and PCX file handling heap overflow vulnerabilities