VYPR

rpm package

opensuse/GraphicsMagick&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Tumbleweed

Vulnerabilities (36)

  • CVE-2016-7996 · Cri · Jan 18, 2017
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

  • CVE-2016-5118 · Cri · Jun 10, 2016
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

  • CVE-2016-3718 · Med · KEV · May 5, 2016
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3717 · Med · May 5, 2016
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

  • CVE-2016-3715 · Med · KEV · May 5, 2016
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2016-3714 · Hig · KEV · May 5, 2016
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

  • CVE-2012-3438 · Aug 7, 2012
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

  • CVE-2009-3736 · Nov 29, 2009
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

  • CVE-2009-1882 · Jun 2, 2009
    affected < 1.3.25-1.1, fixed 1.3.25-1.1

    Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of t

  • CVE-2008-1097 · Mar 5, 2008
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via

  • CVE-2008-1096 · Mar 5, 2008
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-b

  • CVE-2007-4988 · Hig · Sep 24, 2007
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.

  • CVE-2007-4985 · Sep 24, 2007
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, relat

  • CVE-2007-1797 · Apr 2, 2007
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which re

  • CVE-2006-5456 · Oct 23, 2006
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PA

  • CVE-2006-3744 · Aug 25, 2006
    affected < 1.3.36-1.7, fixed 1.3.36-1.7

    Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

Page 2 of 2