imagemagick: heap-based buffer overflows

Package(s): ImageMagick
CVE #(s): CVE-2008-1096 CVE-2008-1097
Created: May 9, 2008
Updated: July 4, 2008
Description: From the Mandriva advisory:

A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick (CVE-2008-1096).

Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick (CVE-2008-1097).

Alerts:
SuSE SUSE-SR:2008:014 2008-07-04
Mandriva MDVSA-2008:099 2007-05-08

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds