VYPR

rpm package

suse/GraphicsMagick&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/GraphicsMagick&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (250)

  • CVE-2017-14997MedOct 4, 2017
    affected < 1.2.5-78.78.1fixed 1.2.5-78.78.1

    GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

  • CVE-2017-14994MedOct 4, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

  • CVE-2017-14733MedSep 25, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-14649MedSep 21, 2017
    affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1

    ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

  • CVE-2017-14505MedSep 17, 2017
    affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1

    DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Imag

  • CVE-2017-14343MedSep 12, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

  • CVE-2017-14342MedSep 12, 2017
    affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1

    ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

  • CVE-2017-14341MedSep 12, 2017
    affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1

    ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.

  • CVE-2017-14314MedSep 12, 2017
    affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1

    Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-14249MedSep 11, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-14224HigSep 9, 2017
    affected < 1.2.5-4.78.38.1fixed 1.2.5-4.78.38.1

    A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.

  • CVE-2017-14174MedSep 7, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is pro

  • CVE-2017-14165MedSep 6, 2017
    affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1

    The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.

  • CVE-2017-12693MedSep 1, 2017
    affected < 1.2.5-78.44.1fixed 1.2.5-78.44.1

    The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.

  • CVE-2017-12691MedSep 1, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-14103HigSep 1, 2017
    affected < 1.2.5-4.78.33.1fixed 1.2.5-4.78.33.1

    The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order

  • CVE-2017-14042MedAug 30, 2017
    affected < 1.2.5-4.78.28.2fixed 1.2.5-4.78.28.2

    A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

  • CVE-2017-13777MedAug 30, 2017
    affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1

    GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it

  • CVE-2017-13776MedAug 30, 2017
    affected < 1.2.5-4.78.19.1fixed 1.2.5-4.78.19.1

    GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it

  • CVE-2017-13758MedAug 29, 2017
    affected < 1.2.5-78.61.1fixed 1.2.5-78.61.1

    In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.

Page 4 of 13