Vulnerability details: VCID-x262-cvpt-aaab
Vulnerability ID VCID-x262-cvpt-aaab
Aliases CVE-2008-1096
Summary The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0145
epss 0.04040 https://api.first.org/data/v1/epss?cve=CVE-2008-1096
epss 0.04304 https://api.first.org/data/v1/epss?cve=CVE-2008-1096
epss 0.04364 https://api.first.org/data/v1/epss?cve=CVE-2008-1096
epss 0.04878 https://api.first.org/data/v1/epss?cve=CVE-2008-1096
epss 0.09644 https://api.first.org/data/v1/epss?cve=CVE-2008-1096
epss 0.10063 https://api.first.org/data/v1/epss?cve=CVE-2008-1096
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2008-1096
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://osvdb.org/43212
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1096.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1096
https://bugzilla.redhat.com/show_bug.cgi?id=286411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1096
http://secunia.com/advisories/29786
http://secunia.com/advisories/30967
http://secunia.com/advisories/32945
http://secunia.com/advisories/36260
https://exchange.xforce.ibmcloud.com/vulnerabilities/41194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10843
http://www.debian.org/security/2009/dsa-1858
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
http://www.redhat.com/support/errata/RHSA-2008-0145.html
http://www.securityfocus.com/bid/28821
http://www.securitytracker.com/id?1019880
http://www.ubuntu.com/usn/USN-681-1
414370 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370
cpe:2.3:a:imagemagick:graphicsmagick:1.1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:graphicsmagick:1.1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:graphicsmagick:1.1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:graphicsmagick:1.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:graphicsmagick:1.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:graphicsmagick:1.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.2.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.2.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.2.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:imagemagick:imagemagick:6.2.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:imagemagick:imagemagick:6.2.8.3:*:*:*:*:*:*:*
CVE-2008-1096 https://nvd.nist.gov/vuln/detail/CVE-2008-1096
RHSA-2008:0145 https://access.redhat.com/errata/RHSA-2008:0145
USN-681-1 https://usn.ubuntu.com/681-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1096

Exploit Prediction Scoring System (EPSS)
Percentile 0.92405
EPSS Score 0.04040
Published At Dec. 3, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.