Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3189
HistoryApr 19, 2008 - 12:00 a.m.

ImageMagick XCF及PCX文件处理堆溢出漏洞

2008-04-1900:00:00
Root
www.seebug.org
17

0.043 Low

EPSS

Percentile

91.4%

JSON

BUGTRAQ ID: 28822,28821
CVE(CAN) ID: CVE-2008-1097,CVE-2008-1096

ImageMagick是一款Unix/Linux平台下开源的图像查看和编辑工具。

ImageMagick解析XCF文件的方式存在堆溢出漏洞,如果打开了特制的XCF图形的话,ImageMagick就可能覆盖所分配内存区域之外的堆内存,这可能允许攻击者在运行ImageMagick的机器上执行任意指令。

ImageMagick处理某些畸形PCX图形的方式存在堆溢出漏洞,如果受害用户打开了特制的PCX文件的话,攻击者就可以在受害用户机器上执行任意指令。

ImageMagick ImageMagick 6.2.8-0
ImageMagick ImageMagick 6.2.4-5
RedHat

RedHat已经为此发布了安全公告(RHSA-2008:0165-01/RHSA-2008:0145-01)以及相应补丁:
RHSA-2008:0165-01:Moderate: ImageMagick security update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2008-0165.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2008-0165.html</a>

RHSA-2008:0145-01:Moderate: ImageMagick security update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2008-0145.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2008-0145.html</a>


                                                https://bugzilla.redhat.com/attachment.cgi?id=192731

Related

nessus 13
openvas 25
oraclelinux 2
prion 2
debiancve 2
cve 2
cvelist 2
veracode 2
ubuntucve 2
ubuntu 1
redhat 2
centos 2
debian 2
osv 2
gentoo 1
nessus
nessus
Mandriva Linux Security Advisory : ImageMagick (MDVSA-2008:099)
2009-04-23 00:00:00
openSUSE 10 Security Update : GraphicsMagick (GraphicsMagick-5276)
2008-07-02 00:00:00
openSUSE 10 Security Update : ImageMagick (ImageMagick-5277)
2008-07-02 00:00:00
openvas
openvas
Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
2009-04-09 00:00:00
Mandriva Update for ImageMagick MDVSA-2008:099 (ImageMagick)
2009-04-09 00:00:00
Ubuntu Update for imagemagick vulnerability USN-681-1
2009-03-23 00:00:00
oraclelinux
oraclelinux
ImageMagick security and bug fix update
2012-03-01 00:00:00
ImageMagick security update
2008-04-17 00:00:00
prion
prion
Heap overflow
2008-03-05 20:44:00
Heap overflow
2008-03-05 20:44:00
debiancve
debiancve
CVE-2008-1096
2008-03-05 20:44:00
CVE-2008-1097
2008-03-05 20:44:00
cve
cve
CVE-2008-1096
2008-03-05 20:44:00
CVE-2008-1097
2008-03-05 20:44:00
cvelist
cvelist
CVE-2008-1096
2008-03-05 20:00:00
CVE-2008-1097
2008-03-05 20:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:20:13
Arbitrary Code Execution
2020-04-10 00:20:13
ubuntucve
ubuntucve
CVE-2008-1096
2008-03-05 00:00:00
CVE-2008-1097
2008-03-05 00:00:00
ubuntu
ubuntu
ImageMagick vulnerability
2008-12-01 00:00:00
redhat
redhat
(RHSA-2008:0145) Moderate: ImageMagick security update
2008-04-16 00:00:00
(RHSA-2008:0165) Moderate: ImageMagick security update
2008-04-16 00:00:00
centos
centos
ImageMagick security update
2008-04-17 15:52:20
ImageMagick security update
2008-04-18 00:17:42
debian
debian
[SECURITY] [DSA 1858-1] New imagemagick packages fix several vulnerabilities
2009-08-10 17:06:22
[SECURITY] [DSA 1903-1] New graphicsmagick packages fix several vulnerabilities
2009-10-07 19:09:46
osv
osv
imagemagick - several vulnerabilities
2009-08-10 00:00:00
graphicsmagick - several
2009-10-07 00:00:00
gentoo
gentoo
GraphicsMagick: Multiple vulnerabilities
2013-11-19 00:00:00

0.043 Low

EPSS

Percentile

91.4%

JSON
Related for SSV:3189
nessus13openvas25oraclelinux2prion2debiancve2cve2cvelist2veracode2ubuntucve2ubuntu1redhat2centos2debian2osv2gentoo1