rpm package
opensuse/GraphicsMagick&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/GraphicsMagick&distro=openSUSE%20Tumbleweed
Vulnerabilities (36)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42050 | Med | 5.5 | | < 1.3.46-7.1 | 1.3.46-7.1 | May 11, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item. |
| CVE-2026-33535 | Med | 4.0 | | < 1.3.46-6.1 | 1.3.46-6.1 | Mar 26, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the |
| CVE-2026-30883 | — | | | < 1.3.46-3.1 | 1.3.46-3.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13- |
| CVE-2026-28690 | — | | | < 1.3.46-4.1 | 1.3.46-4.1 | Mar 9, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds check missing that could corrupt the stack with attacker |
| CVE-2026-26284 | — | | | < 1.3.46-5.1 | 1.3.46-5.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function that |
| CVE-2026-25799 | — | | | < 1.3.46-2.1 | 1.3.46-2.1 | Feb 24, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image |
| CVE-2025-32460 | — | | | < 1.3.45-3.1 | 1.3.45-3.1 | Apr 9, 2025 | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. |
| CVE-2025-27796 | — | | | < 1.3.45-2.1 | 1.3.45-2.1 | Mar 7, 2025 | ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. |
| CVE-2025-27795 | — | | | < 1.3.45-2.1 | 1.3.45-2.1 | Mar 7, 2025 | ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. |
| CVE-2022-1270 | — | | | < 1.3.38-1.1 | 1.3.38-1.1 | Sep 28, 2022 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. |
| CVE-2020-12672 | — | | | < 1.3.36-1.7 | 1.3.36-1.7 | May 6, 2020 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
| CVE-2017-10800 | Med | 5.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Jul 3, 2017 | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. |
| CVE-2017-10799 | Med | 5.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Jul 3, 2017 | When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). |
| CVE-2017-10794 | Med | 5.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Jul 2, 2017 | When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. |
| CVE-2017-8350 | Med | 6.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Apr 30, 2017 | In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. |
| CVE-2017-6335 | Med | 5.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Mar 14, 2017 | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. |
| CVE-2016-9830 | Med | 5.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Mar 1, 2017 | The MagickRealloc function in memory.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. |
| CVE-2016-7800 | High | 7.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Feb 6, 2017 | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. |
| CVE-2016-2317 | Med | 5.5 | | < 1.3.25-1.1 | 1.3.25-1.1 | Feb 3, 2017 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in code |
| CVE-2016-7997 | High | 7.5 | | < 1.3.36-1.7 | 1.3.36-1.7 | Jan 18, 2017 | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. |
Page 1 of 2