rpm package
suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (250)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17782 | Hig | 8.8 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Dec 20, 2017 | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | |
| CVE-2017-17682 | Med | 6.5 | < 1.2.5-4.78.41.1 | 1.2.5-4.78.41.1 | Dec 14, 2017 | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | |
| CVE-2017-17504 | Med | 6.5 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Dec 11, 2017 | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | |
| CVE-2017-17503 | Hig | 8.8 | < 1.2.5-4.78.38.1 | 1.2.5-4.78.38.1 | Dec 11, 2017 | ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | |
| CVE-2017-17502 | Hig | 8.8 | < 1.2.5-4.78.38.1 | 1.2.5-4.78.38.1 | Dec 11, 2017 | ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | |
| CVE-2017-17501 | Hig | 8.8 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Dec 11, 2017 | WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. | |
| CVE-2017-17500 | Hig | 8.8 | < 1.2.5-4.78.41.1 | 1.2.5-4.78.41.1 | Dec 11, 2017 | ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | |
| CVE-2017-16669 | Hig | 8.8 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Nov 9, 2017 | coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | |
| CVE-2017-16547 | Hig | 8.8 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Nov 6, 2017 | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified othe | |
| CVE-2017-16546 | Hig | 8.8 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Nov 5, 2017 | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other | |
| CVE-2017-16545 | Hig | 8.8 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Nov 5, 2017 | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via | |
| CVE-2017-16353 | Med | 6.5 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Nov 1, 2017 | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I | |
| CVE-2017-16352 | Hig | 8.8 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Nov 1, 2017 | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a | |
| CVE-2017-15930 | Hig | 8.8 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Oct 27, 2017 | In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | |
| CVE-2017-15277 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Oct 12, 2017 | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting d | |
| CVE-2017-15238 | Hig | 8.8 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Oct 11, 2017 | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | |
| CVE-2017-15218 | Med | 6.5 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Oct 10, 2017 | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | |
| CVE-2017-15033 | Hig | 7.5 | < 1.2.5-4.78.16.1 | 1.2.5-4.78.16.1 | Oct 5, 2017 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | |
| CVE-2017-15017 | Hig | 8.8 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | |
| CVE-2017-15016 | Hig | 8.8 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. |
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
- affected < 1.2.5-4.78.41.1fixed 1.2.5-4.78.41.1
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
- affected < 1.2.5-4.78.38.1fixed 1.2.5-4.78.38.1
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
- affected < 1.2.5-4.78.38.1fixed 1.2.5-4.78.38.1
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
- affected < 1.2.5-4.78.41.1fixed 1.2.5-4.78.41.1
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified othe
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the I
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting d
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
- affected < 1.2.5-4.78.16.1fixed 1.2.5-4.78.16.1
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
Page 3 of 13