Heap-based Buffer Overflow in ImageMagick and GraphicsMagick Products
CVE-2008-1097
Currently unrated
Summary
A heap-based buffer overflow exists in the ReadPCXImage function of the PCX coder module in ImageMagick and GraphicsMagick. A remote attacker can trigger it with a crafted .pcx file, which causes incorrect memory allocation for the scanline array. The resulting memory corruption can crash the application or potentially allow remote code execution.
EPSS Score
6% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved