CVE-2008-1097 - Resource Management Errors vulnerability in ImageMagick and GraphicsMagick
Attack vector | NETWORK
Attack complexity | MEDIUM
Privileges required | NONE
Confidentiality impact | PARTIAL
Integrity impact | PARTIAL
Availability impact | PARTIAL
Summary
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
Nessus
NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2008-0145.NASL
description | Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31995
published | 2008-04-22
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/31995
title | CentOS 3 / 4 / 5 : ImageMagick (CESA-2008:0145)

NASL family | Mandriva Local Security Checks
NASL id | MANDRIVA_MDVSA-2008-099.NASL
description | A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick (CVE-2008-1096). Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick (CVE-2008-1097). The updated packages have been patched to correct these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 37739
published | 2009-04-23
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/37739
title | Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:099)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-201311-10.NASL
description | The remote host is affected by the vulnerability described in GLSA-201311-10 (GraphicsMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file, potentially resulting in arbitrary code execution or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 70959
published | 2013-11-19
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/70959
title | GLSA-201311-10 : GraphicsMagick: Multiple vulnerabilities

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2008-0165.NASL
description | Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux version 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31985
published | 2008-04-18
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/31985
title | RHEL 2.1 : ImageMagick (RHSA-2008:0165)

NASL family | Oracle Linux Local Security Checks
NASL id | ORACLELINUX_ELSA-2008-0145.NASL
description | From Red Hat Security Advisory 2008:0145 : Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 67656
published | 2013-07-12
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/67656
title | Oracle Linux 3 / 4 / 5 : ImageMagick (ELSA-2008-0145)

NASL family | SuSE Local Security Checks
NASL id | SUSE_GRAPHICSMAGICK-5276.NASL
description | GraphicsMagick is affected by two security problems : CVE-2008-1096: Buffer overflow in the handling of XCF files CVE-2008-1097: Heap buffer overflow in the handling of PCX files
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 33378
published | 2008-07-02
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/33378
title | openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5276)

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20080416_IMAGEMAGICK_ON_SL3_X.NASL
description | Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60382
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60382
title | Scientific Linux Security Update : ImageMagick on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1858.NASL
description | Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause DoS. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2007-1667 Multiple integer overflows in XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. It only affects the oldstable distribution (etch).
- CVE-2007-1797 Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted DCM image, or the colors or comments field in a crafted XWD image. It only affects the oldstable distribution (etch).
- CVE-2007-4985 A crafted image file can trigger an infinite loop in the ReadDCMImage function or in the ReadXCFImage function. It only affects the oldstable distribution (etch).
- CVE-2007-4986 Multiple integer overflows allow context-dependent attackers to execute arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file, which triggers a heap-based buffer overflow. It only affects the oldstable distribution (etch).
- CVE-2007-4987 Off-by-one error allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 44723
published | 2010-02-24
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/44723
title | Debian DSA-1858-1 : imagemagick - multiple vulnerabilities

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2008-0145.NASL
description | Updated ImageMagick packages that correct several security issues are now available for Red Hat Enterprise Linux versions 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several heap-based buffer overflow flaws were found in ImageMagick. If a victim opened a specially crafted DCM or XWD file, an attacker could potentially execute arbitrary code on the victim
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31984
published | 2008-04-18
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/31984
title | RHEL 3 / 4 / 5 : ImageMagick (RHSA-2008:0145)

NASL family | SuSE Local Security Checks
NASL id | SUSE_IMAGEMAGICK-5278.NASL
description | ImageMagick and GraphicsMagick are affected by two security problems : - Buffer overflow in the handling of XCF files CVE-2008-1097: Heap buffer overflow in the handling of PCX files. (CVE-2008-1096)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 33380
published | 2008-07-02
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/33380
title | SuSE 10 Security Update : ImageMagick (ZYPP Patch Number 5278)

NASL family | SuSE Local Security Checks
NASL id | SUSE_IMAGEMAGICK-5277.NASL
description | ImageMagick is affected by two security problems : CVE-2008-1096: Buffer overflow in the handling of XCF files CVE-2008-1097: Heap buffer overflow in the handling of PCX files
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 33379
published | 2008-07-02
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/33379
title | openSUSE 10 Security Update : ImageMagick (ImageMagick-5277)
Oval
accepted | 2013-04-29T04:12:35.608-04:00
class | vulnerability
description | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
family | unix
id | oval:org.mitre.oval:def:11237
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
version | 27
Seebug
bulletinFamily | exploit
description | BUGTRAQ ID: 28822,28821 CVE(CAN) ID: CVE-2008-1097,CVE-2008-1096 ImageMagick is an open-source image viewing and editing tool for Unix/Linux platforms. A heap overflow vulnerability exists in the way ImageMagick parses XCF files: if a specially crafted XCF image is opened, ImageMagick may overwrite heap memory beyond the allocated memory region, which may allow an attacker to execute arbitrary instructions on the machine running ImageMagick. A heap overflow vulnerability exists in the way ImageMagick processes certain malformed PCX images: if a victim user opens a specially crafted PCX file, an attacker can execute arbitrary instructions on the victim user's machine. ImageMagick ImageMagick 6.2.8-0 ImageMagick ImageMagick 6.2.4-5 RedHat ------ RedHat has released security advisories (RHSA-2008:0165-01/RHSA-2008:0145-01) and corresponding patches for this issue: RHSA-2008:0165-01: Moderate: ImageMagick security update Link: https://www.redhat.com/support/errata/RHSA-2008-0165.html RHSA-2008:0145-01: Moderate: ImageMagick security update Link: https://www.redhat.com/support/errata/RHSA-2008-0145.html
id | SSV:3189
last seen | 2017-11-19
modified | 2008-04-19
published | 2008-04-19
reporter | Root
source | https://www.seebug.org/vuldb/ssvid-3189
title | ImageMagick XCF and PCX file handling heap overflow vulnerabilities
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034
- http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
- http://osvdb.org/43213
- http://secunia.com/advisories/29786
- http://secunia.com/advisories/29857
- http://secunia.com/advisories/30967
- http://secunia.com/advisories/36260
- http://secunia.com/advisories/55721
- http://security.gentoo.org/glsa/glsa-201311-10.xml
- http://www.debian.org/security/2009/dsa-1858
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
- http://www.redhat.com/support/errata/RHSA-2008-0145.html
- http://www.redhat.com/support/errata/RHSA-2008-0165.html
- http://www.securityfocus.com/bid/28822
- http://www.securitytracker.com/id?1019881
- https://bugzilla.redhat.com/show_bug.cgi?id=285861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237