VYPR

rpm package

suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (250)

  • CVE-2016-9830MedMar 1, 2017
    affected < 1.2.5-4.59.1fixed 1.2.5-4.59.1

    The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

  • CVE-2016-9559MedMar 1, 2017
    affected < 1.2.5-4.59.1fixed 1.2.5-4.59.1

    coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

  • CVE-2016-5240MedFeb 27, 2017
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

  • CVE-2015-8903MedFeb 27, 2017
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.

  • CVE-2015-8901MedFeb 27, 2017
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.

  • CVE-2016-8866HigFeb 15, 2017
    affected < 1.2.5-4.59.1fixed 1.2.5-4.59.1

    The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-

  • CVE-2016-8862HigFeb 15, 2017
    affected < 1.2.5-4.52.1fixed 1.2.5-4.52.1

    The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

  • CVE-2016-8684HigFeb 15, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

  • CVE-2016-8683HigFeb 15, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

  • CVE-2016-8682HigFeb 15, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.

  • CVE-2016-7800HigFeb 6, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

  • CVE-2016-7449HigFeb 6, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

  • CVE-2016-7448HigFeb 6, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

  • CVE-2016-7447CriFeb 6, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-7446CriFeb 6, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-5241MedFeb 3, 2017
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

  • CVE-2016-2318MedFeb 3, 2017
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

  • CVE-2016-2317MedFeb 3, 2017
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in code

  • CVE-2016-7997HigJan 18, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

  • CVE-2016-7996CriJan 18, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

Page 12 of 13