rpm package
suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (250)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7101 | Med | 6.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Jan 18, 2017 | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |
| CVE-2016-6823 | Hig | 7.5 | < 1.2.5-4.46.1 | 1.2.5-4.46.1 | Jan 18, 2017 | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. | |
| CVE-2016-5688 | Hig | 8.1 | < 1.2.5-4.41.1 | 1.2.5-4.41.1 | Dec 13, 2016 | The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu | |
| CVE-2015-8808 | Med | 5.5 | < 1.2.5-4.38.1 | 1.2.5-4.38.1 | Jul 13, 2016 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | |
| CVE-2016-5118 | Cri | 9.8 | < 1.2.5-4.38.1 | 1.2.5-4.38.1 | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |
| CVE-2016-3718 | Med | 5.5 | KEV | < 1.2.5-4.35.1 | 1.2.5-4.35.1 | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
| CVE-2016-3717 | Med | 5.5 | < 1.2.5-4.35.1 | 1.2.5-4.35.1 | May 5, 2016 | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |
| CVE-2016-3715 | Med | 5.5 | KEV | < 1.2.5-4.35.1 | 1.2.5-4.35.1 | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. |
| CVE-2016-3714 | Hig | 8.4 | KEV | < 1.2.5-4.35.1 | 1.2.5-4.35.1 | May 5, 2016 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." |
| CVE-2013-4589 | — | < 1.2.5-4.38.1 | 1.2.5-4.38.1 | Nov 23, 2013 | The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. |
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
- affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
- affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu
- affected < 1.2.5-4.38.1fixed 1.2.5-4.38.1
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
- affected < 1.2.5-4.38.1fixed 1.2.5-4.38.1
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
- affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
- affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
- affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
- CVE-2013-4589Nov 23, 2013affected < 1.2.5-4.38.1fixed 1.2.5-4.38.1
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
Page 13 of 13