{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.  NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"name": "30549", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30549"}, {"name": "29583", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29583"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c"}, {"name": "graphicsmagick-decodeimage-bo(42906)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604785"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.  NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://sourceforge.net/project/shownotes.php?release_id=604837", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"name": "30549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30549"}, {"name": "29583", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29583"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"name": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c", "refsource": "CONFIRM", "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c"}, {"name": "graphicsmagick-decodeimage-bo(42906)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=604785", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=604785"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:20:24.361Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"name": "30549", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30549"}, {"name": "29583", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29583"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c"}, {"name": "graphicsmagick-decodeimage-bo(42906)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=604785"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6071", "datePublished": "2009-02-06T01:00:00", "dateReserved": "2009-02-05T00:00:00", "dateUpdated": "2024-08-07T11:20:24.361Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CEE9315-7511-417E-B2AE-29D126833594", "versionEndIncluding": "1.1.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E3834A3-8A7E-4914-A20C-EE694150D044", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96A991C-67A7-4C36-99C4-846BD2175F5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD7E2792-B4BC-4C71-990D-0B7462919568", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "10F2FD22-4058-45D6-8352-0AA6382746C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4F41DBD-6F06-40DC-A722-EC51B9ACC07D", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "96CA70E0-2533-417A-B8C4-F687BF256691", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1BF103AE-6F15-4F2D-A375-F2AF91171EE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65929D5C-31B1-4A70-8E9C-AC6749332480", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC45DB14-ABB2-4116-930D-349A81CDB982", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0573F148-0204-4F6B-A7B7-12DDF61C7383", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "7D259740-FE5A-4D28-B554-FD176F9BD1FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "489040F9-1992-4030-9AFC-9855CFB8C1EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A9942F4B-6608-4828-988C-2F76EB73CC48", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "12D4C9D5-2A4F-4263-943C-1F46E0BB802E", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "FAA39999-2648-4EBB-A9CD-15FBE9900E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "4AD2742D-41F6-43F4-B90B-B75D54E08326", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "634E509D-7E46-43EE-BE38-7C3A7690761D", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "01E41E1B-BE16-4581-A503-CEC993D11A71", "vulnerable": true}, {"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B3C34D3-56B0-4539-8361-4EEBBD878777", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.  NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la funci\u00f3n DecodeImage de coders/pict.c de GraphicsMagick anterior a v1.1.14 y v1.2.x anterior a v1.2.3; permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o puede que ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen PICT manipulada. NOTA: algunos de los detalles se han obtenido de fuentes de terceros."}], "id": "CVE-2008-6071", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-10T06:59:34.313", "references": [{"source": "cve@mitre.org", "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30549"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=604785"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29583"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=604785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42906"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": ", CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick", "id": "516295", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=516295"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image.  NOTE: some of these details are obtained from third party information."], "name": "CVE-2008-6071", "public_date": "2007-03-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-6071\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-6071"], "statement": "The costs associated with fixing these bug are greater than the posed security risk.  We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.", "threat_severity": "Moderate"}