rpm package
suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (250)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14997 | Med | 6.5 | < 1.2.5-78.78.1 | 1.2.5-78.78.1 | Oct 4, 2017 | GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | |
| CVE-2017-14994 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Oct 4, 2017 | ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | |
| CVE-2017-14733 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Sep 25, 2017 | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |
| CVE-2017-14649 | Med | 5.5 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Sep 21, 2017 | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | |
| CVE-2017-14505 | Med | 6.5 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Sep 17, 2017 | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag | |
| CVE-2017-14343 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | |
| CVE-2017-14342 | Med | 6.5 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | |
| CVE-2017-14341 | Med | 6.5 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | |
| CVE-2017-14314 | Med | 6.5 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Sep 12, 2017 | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | |
| CVE-2017-14249 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Sep 11, 2017 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | |
| CVE-2017-14224 | Hig | 8.8 | < 1.2.5-4.78.38.1 | 1.2.5-4.78.38.1 | Sep 9, 2017 | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |
| CVE-2017-14174 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Sep 7, 2017 | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro | |
| CVE-2017-14165 | Med | 6.5 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Sep 6, 2017 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. | |
| CVE-2017-12693 | Med | 6.5 | < 1.2.5-78.44.1 | 1.2.5-78.44.1 | Sep 1, 2017 | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | |
| CVE-2017-12691 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Sep 1, 2017 | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |
| CVE-2017-14103 | Hig | 8.8 | < 1.2.5-4.78.33.1 | 1.2.5-4.78.33.1 | Sep 1, 2017 | The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order | |
| CVE-2017-14042 | Med | 6.5 | < 1.2.5-4.78.28.2 | 1.2.5-4.78.28.2 | Aug 30, 2017 | A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. | |
| CVE-2017-13777 | Med | 6.5 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Aug 30, 2017 | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it | |
| CVE-2017-13776 | Med | 6.5 | < 1.2.5-4.78.19.1 | 1.2.5-4.78.19.1 | Aug 30, 2017 | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it | |
| CVE-2017-13758 | Med | 6.5 | < 1.2.5-78.61.1 | 1.2.5-78.61.1 | Aug 29, 2017 | In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. |
- affected < 1.2.5-78.78.1fixed 1.2.5-78.78.1
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
- affected < 1.2.5-4.78.38.1fixed 1.2.5-4.78.38.1
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
- affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
- affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order
- affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it
- affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it
- affected < 1.2.5-78.61.1fixed 1.2.5-78.61.1
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
Page 4 of 13