VYPR

Graphicsmagick

by Graphicsmagick

Source repositories

CVEs (128)

  • CVE-2016-5118CriJun 10, 2016
    risk 0.68cvss 9.8epss 0.50

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

  • CVE-2017-11643CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.02

    GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11641CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.02

    GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

  • CVE-2017-11637CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.

  • CVE-2017-11636CriJul 26, 2017
    risk 0.64cvss 9.8epss 0.03

    GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11139CriJul 10, 2017
    risk 0.64cvss 9.8epss 0.03

    GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

  • CVE-2016-5239CriMar 15, 2017
    risk 0.64cvss 9.8epss 0.03

    The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2016-7447CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-7446CriFeb 6, 2017
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-7996CriJan 18, 2017
    risk 0.64cvss 9.8epss 0.04

    Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

  • CVE-2017-16352HigNov 1, 2017
    risk 0.61cvss 8.8epss 0.15

    GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on…

  • CVE-2017-14103HigSep 1, 2017
    risk 0.60cvss 8.8epss 0.30

    The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage…

  • CVE-2017-12936HigAug 18, 2017
    risk 0.59cvss 8.8epss 0.25

    The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

  • CVE-2017-11403HigJul 18, 2017
    risk 0.59cvss 8.8epss 0.28

    The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.

  • CVE-2017-18220HigMar 5, 2018
    risk 0.58cvss 8.8epss 0.04

    The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.

  • CVE-2018-6799HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.03

    The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.

  • CVE-2018-5360HigJan 14, 2018
    risk 0.57cvss 8.8epss 0.02

    LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

  • CVE-2017-17915HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

  • CVE-2017-17913HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.

  • CVE-2017-17912HigDec 27, 2017
    risk 0.57cvss 8.8epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.

Page 1 of 7