VYPR

rpm package

suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (250)

  • CVE-2016-7101MedJan 18, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.

  • CVE-2016-6823HigJan 18, 2017
    affected < 1.2.5-4.46.1fixed 1.2.5-4.46.1

    Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.

  • CVE-2016-5688HigDec 13, 2016
    affected < 1.2.5-4.41.1fixed 1.2.5-4.41.1

    The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu

  • CVE-2015-8808MedJul 13, 2016
    affected < 1.2.5-4.38.1fixed 1.2.5-4.38.1

    The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

  • CVE-2016-5118CriJun 10, 2016
    affected < 1.2.5-4.38.1fixed 1.2.5-4.38.1

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

  • CVE-2016-3718MedKEVMay 5, 2016
    affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3717MedMay 5, 2016
    affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1

    The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2016-3714HigKEVMay 5, 2016
    affected < 1.2.5-4.35.1fixed 1.2.5-4.35.1

    The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

  • CVE-2013-4589Nov 23, 2013
    affected < 1.2.5-4.38.1fixed 1.2.5-4.38.1

    The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

Page 13 of 13