{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"name": "30549", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30549"}, {"name": "29583", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29583"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"name": "graphicsmagick-readpalmimage-bo(42904)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42904"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6070", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/project/shownotes.php?release_id=604837", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"name": "30549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30549"}, {"name": "29583", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29583"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"name": "graphicsmagick-readpalmimage-bo(42904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42904"}, {"name": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c", "refsource": "CONFIRM", "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:20:24.317Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"name": "30549", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30549"}, {"name": "29583", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29583"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"name": "graphicsmagick-readpalmimage-bo(42904)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42904"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6070", "datePublished": "2009-02-06T01:00:00", "dateReserved": "2009-02-05T00:00:00", "dateUpdated": "2024-08-07T11:20:24.317Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A26CBEB-F0B3-41C6-A09E-0F69720FFB8E", "versionEndIncluding": "1.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E3834A3-8A7E-4914-A20C-EE694150D044", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E54C88D-035D-43F7-8D26-F07C9DC24D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DEDB13AA-2AD3-4FFE-9851-53BB0531BC92", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "071499F5-8FB0-4EE9-B816-6514AF6C17AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96A991C-67A7-4C36-99C4-846BD2175F5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8AC0F79E-4DD6-4EF9-82E1-68DC8EB7EF5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD7E2792-B4BC-4C71-990D-0B7462919568", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "10F2FD22-4058-45D6-8352-0AA6382746C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4F41DBD-6F06-40DC-A722-EC51B9ACC07D", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "96CA70E0-2533-417A-B8C4-F687BF256691", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1BF103AE-6F15-4F2D-A375-F2AF91171EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65929D5C-31B1-4A70-8E9C-AC6749332480", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC45DB14-ABB2-4116-930D-349A81CDB982", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0573F148-0204-4F6B-A7B7-12DDF61C7383", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "7D259740-FE5A-4D28-B554-FD176F9BD1FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "489040F9-1992-4030-9AFC-9855CFB8C1EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A9942F4B-6608-4828-988C-2F76EB73CC48", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "12D4C9D5-2A4F-4263-943C-1F46E0BB802E", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "FAA39999-2648-4EBB-A9CD-15FBE9900E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4AD2742D-41F6-43F4-B90B-B75D54E08326", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2755909D-D83F-4810-824D-7514EE501AA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5763F6B5-C4FB-4792-B5D8-058B314D177E", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "01E41E1B-BE16-4581-A503-CEC993D11A71", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples desbordamientos inferiores de b\u00fafer basados en mont\u00edculo en la funci\u00f3n ReadPALMImage en coders/palm.c de GraphicsMagick before v1.2.3, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen PALM manipulada, es un vulnerabilidad diferente a CVE-2007-0770. NOTA: Algunos de estos detalles se han obtenido de terceras personas."}], "id": "CVE-2008-6070", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-02-10T06:59:34.267", "references": [{"source": "cve@mitre.org", "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30549"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29583"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42904"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42904"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": ", CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick", "id": "516295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516295"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information."], "name": "CVE-2008-6070", "public_date": "2007-03-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-6070"], "statement": "The costs associated with fixing these bug are greater than the posed security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.", "threat_severity": "Moderate"}

{}