VYPR

GraphicsMagick

by GraphicsMagick

CVEs (128)

  • CVE-2017-11102 · High · Jul 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.

  • CVE-2017-9098 · High · May 19, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that…

  • CVE-2016-8682 · High · Feb 15, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.

  • CVE-2016-7800 · High · Feb 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

  • CVE-2016-7449 · High · Feb 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

  • CVE-2016-7448 · High · Feb 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

  • CVE-2016-7997 · High · Jan 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

  • CVE-2017-16353 · Medium · Nov 1, 2017
    risk 0.46 · cvss 6.5 · epss 0.14

    GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the…

  • CVE-2017-15277 · Medium · Oct 12, 2017
    risk 0.44 · cvss 6.5 · epss 0.19

    ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting…

  • CVE-2018-9018 · Medium · Mar 25, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

  • CVE-2017-18219 · Medium · Mar 5, 2018
    risk 0.43 · cvss 6.5 · epss 0.04

    An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.

  • CVE-2017-14997 · Medium · Oct 4, 2017
    risk 0.43 · cvss 6.5 · epss 0.03

    GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

  • CVE-2017-18231 · Medium · Mar 14, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-18230 · Medium · Mar 14, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-18229 · Medium · Mar 14, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline,…

  • CVE-2018-5685 · Medium · Jan 14, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.

  • CVE-2017-14994 · Medium · Oct 4, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

  • CVE-2017-14733 · Medium · Sep 25, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-14504 · Medium · Sep 17, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

  • CVE-2017-14314 · Medium · Sep 12, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

Page 3 of 7