Upstream information

CVE-2008-1097 at MITRE

Description

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 6.8
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 391366 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • GraphicsMagick >= 1.2.5-4.33.1
  • libGraphicsMagick2 >= 1.2.5-4.33.1
  • perl-GraphicsMagick >= 1.2.5-4.33.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA GraphicsMagick
SUSE Linux Enterprise SDK 10 SP2
  • ImageMagick >= 6.2.5-16.29
  • ImageMagick-Magick++ >= 6.2.5-16.29
  • ImageMagick-Magick++-devel >= 6.2.5-16.29
  • ImageMagick-devel >= 6.2.5-16.29
  • perl-PerlMagick >= 6.2.5-16.29
Patchnames:
core9.x86
sle10-sp2-sdk.s390x
sle10-sp1-sdk.s390x
core9.ppc
sles9-nld.x86
sle10-sp1-sdk.x86
sle10-sp1-sdk.x86-64
sle10-sp1-sdk.ia64
sles9-nld.x86
sled10-sp2.x86
sled10.x86-64
sle10-sp2-sdk.ia64
sled10-sp2.x86-64
sle10-sp1-sdk.ppc
sles9-nld.x86-64
core9.ia64
sled10.x86
sles9-nld.x86-64
core9.s390x
sle10-sp2-sdk.ppc
sle10-sp2-sdk.x86
core9.s390
sle10-sp2-sdk.x86-64
core9.x86-64
ZYPP Patch Nr: 5278
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • ImageMagick >= 5.5.7-225.39
  • ImageMagick-Magick++ >= 5.5.7-225.39
  • ImageMagick-devel >= 5.5.7-225.39
  • perl-PerlMagick >= 5.5.7-225.39
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • ImageMagick >= 5.5.7-225.39
  • ImageMagick-devel >= 5.5.7-225.39
SUSE LINUX 10.1
  • ImageMagick >= 6.2.5-16.29
  • ImageMagick-Magick++ >= 6.2.5-16.29
  • ImageMagick-Magick++-devel >= 6.2.5-16.29
  • ImageMagick-devel >= 6.2.5-16.29
  • perl-PerlMagick >= 6.2.5-16.29