Filtered by vendor Graphicsmagick
Subscribe
Search
Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14733 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
| CVE-2017-14994 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | |||||
| CVE-2017-13737 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |||||
| CVE-2017-14997 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 7.1 HIGH | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | |||||
| CVE-2017-17500 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-17501 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-17502 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-17503 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | |||||
| CVE-2017-13064 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. | |||||
| CVE-2017-13065 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | |||||
| CVE-2017-12935 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | |||||
| CVE-2017-12936 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | |||||
| CVE-2017-14504 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | |||||
| CVE-2017-13063 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | |||||
| CVE-2017-15238 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | |||||
| CVE-2017-15930 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | |||||
| CVE-2018-6799 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. | |||||
| CVE-2019-11009 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Leap | 2019-05-23 | 5.8 MEDIUM | 8.1 HIGH |
| In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | |||||
| CVE-2019-11473 | 1 Graphicsmagick | 1 Graphicsmagick | 2019-05-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | |||||
| CVE-2017-11139 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | |||||
| CVE-2018-5360 | 2 Graphicsmagick, Libtiff | 2 Graphicsmagick, Libtiff | 2019-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. | |||||
| CVE-2016-7447 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-7446 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | |||||
| CVE-2017-10799 | 1 Graphicsmagick | 1 Graphicsmagick | 2019-04-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | |||||
| CVE-2016-5241 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | |||||
| CVE-2016-7449 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | |||||
| CVE-2016-7800 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-7448 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2019-04-12 | 7.8 HIGH | 7.5 HIGH |
| The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | |||||
| CVE-2016-2318 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | |||||
| CVE-2016-8684 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |||||
| CVE-2016-8682 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |||||
| CVE-2016-9830 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | |||||
| CVE-2016-2317 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | |||||
| CVE-2016-8683 | 3 Debian, Graphicsmagick, Opensuse | 3 Debian Linux, Graphicsmagick, Opensuse | 2018-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |||||
| CVE-2017-11102 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 5.0 MEDIUM | 7.5 HIGH |
| The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. | |||||
| CVE-2017-16545 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | |||||
| CVE-2017-16547 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-11722 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. | |||||
| CVE-2017-17498 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-11643 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | |||||
| CVE-2017-11642 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. | |||||
| CVE-2017-11638 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. | |||||
| CVE-2017-11637 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. | |||||
| CVE-2017-11636 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. | |||||
| CVE-2017-11403 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | |||||
| CVE-2017-10800 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. | |||||
| CVE-2017-10794 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. | |||||
| CVE-2017-18220 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. | |||||
| CVE-2017-15277 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | |||||
| CVE-2006-5456 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | |||||