rpm package
suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (250)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9830 | Med | 5.5 | < 1.2.5-4.59.1 | 1.2.5-4.59.1 | Mar 1, 2017 | The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | |
| CVE-2016-9559 | Med | 6.5 | < 1.2.5-4.59.1 | 1.2.5-4.59.1 | Mar 1, 2017 | coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. | |
| CVE-2016-5240 | Med | 5.5 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Feb 27, 2017 | The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. | |
| CVE-2015-8903 | Med | 6.5 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Feb 27, 2017 | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | |
| CVE-2015-8901 | Med | 6.5 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Feb 27, 2017 | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | |
| CVE-2016-8866 | Hig | 8.8 | < 1.2.5-4.59.1 | 1.2.5-4.59.1 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE- | |
| CVE-2016-8862 | Hig | 8.8 | < 1.2.5-4.52.1 | 1.2.5-4.52.1 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |
| CVE-2016-8684 | Hig | 7.8 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 15, 2017 | The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |
| CVE-2016-8683 | Hig | 7.8 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 15, 2017 | The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |
| CVE-2016-8682 | Hig | 7.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 15, 2017 | The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |
| CVE-2016-7800 | Hig | 7.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 6, 2017 | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | |
| CVE-2016-7449 | Hig | 7.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 6, 2017 | The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. | |
| CVE-2016-7448 | Hig | 7.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 6, 2017 | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. | |
| CVE-2016-7447 | Cri | 9.8 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 6, 2017 | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. | |
| CVE-2016-7446 | Cri | 9.8 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Feb 6, 2017 | Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | |
| CVE-2016-5241 | Med | 5.5 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Feb 3, 2017 | magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | |
| CVE-2016-2318 | Med | 5.5 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Feb 3, 2017 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | |
| CVE-2016-2317 | Med | 5.5 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Feb 3, 2017 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in code | |
| CVE-2016-7997 | Hig | 7.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Jan 18, 2017 | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |
| CVE-2016-7996 | Cri | 9.8 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Jan 18, 2017 | Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. |
- affected < 1.2.5-4.59.1fixed 1.2.5-4.59.1
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
- affected < 1.2.5-4.59.1fixed 1.2.5-4.59.1
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
- affected < 1.2.5-4.59.1fixed 1.2.5-4.59.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-
- affected < 1.2.5-4.52.1fixed 1.2.5-4.52.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in code
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
Page 12 of 13