Vulnerability Description
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Graphicsmagick | Graphicsmagick | <= 1.2.2 |
Related Weaknesses (CWE)
References
- http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c
- http://secunia.com/advisories/30549Vendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=604837
- http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485
- http://www.securityfocus.com/bid/29583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42904
- http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c
- http://secunia.com/advisories/30549Vendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=604837
- http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485
- http://www.securityfocus.com/bid/29583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42904
FAQ
What is CVE-2008-6070?
CVE-2008-6070 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbi...
How severe is CVE-2008-6070?
CVE-2008-6070 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6070?
Check the references section above for vendor advisories and patch information. Affected products include: Graphicsmagick Graphicsmagick.