{"id":"DEBIAN-CVE-2008-1097","details":"Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.","modified":"2026-04-28T20:12:04.948429Z","published":"2008-03-05T20:44:00Z","upstream":["CVE-2008-1097"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2008-1097"}],"affected":[{"package":{"name":"graphicsmagick","ecosystem":"Debian:11","purl":"pkg:deb/debian/graphicsmagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.7-13"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Debian:12","purl":"pkg:deb/debian/graphicsmagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.7-13"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Debian:13","purl":"pkg:deb/debian/graphicsmagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.7-13"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"graphicsmagick","ecosystem":"Debian:14","purl":"pkg:deb/debian/graphicsmagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.7-13"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"imagemagick","ecosystem":"Debian:11","purl":"pkg:deb/debian/imagemagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:6.2.4.5.dfsg1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"imagemagick","ecosystem":"Debian:12","purl":"pkg:deb/debian/imagemagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:6.2.4.5.dfsg1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"imagemagick","ecosystem":"Debian:13","purl":"pkg:deb/debian/imagemagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:6.2.4.5.dfsg1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}},{"package":{"name":"imagemagick","ecosystem":"Debian:14","purl":"pkg:deb/debian/imagemagick?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:6.2.4.5.dfsg1-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-1097.json"}}],"schema_version":"1.7.5"}