CVE-2008-6071Improper Restriction of Operations within the Bounds of a Memory Buffer in Graphicsmagick

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents6 sources
Severity
10.0CRITICALNVD
EPSS
6.1%
top 9.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GraphicsmagickDebian Graphicsmagick
Timeline
PublishedFeb 10
Latest updateMay 17

Description

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

debiandebian/graphicsmagick< graphicsmagick 1.2.3-1 (bookworm)
Debiangraphicsmagick/graphicsmagick< 1.2.3-1+3

🔴Vulnerability Details

2
GHSA
GHSA-225x-8vf5-vqv6: Heap-based buffer overflow in the DecodeImage function in coders/pict2022-05-17
OSV
CVE-2008-6071: Heap-based buffer overflow in the DecodeImage function in coders/pict2009-02-10

📋Vendor Advisories

5
Debian
CVE-2008-6071: graphicsmagick - Heap-based buffer overflow in the DecodeImage function in coders/pict.c in Graph...2008
Red Hat
, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick2007-03-01
Red Hat
, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick2007-03-01
Red Hat
, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick2007-03-01
Red Hat
, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick2007-03-01

💬Community

1
Bugzilla
CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621 multiple security issues in ImageMagick2009-08-07