Graphicsmagick
CVEs (73)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13776 | Med | 0.42 | 6.5 | 0.01 | | Aug 30, 2017 | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. |
| CVE-2017-13775 | Med | 0.42 | 6.5 | 0.02 | | Aug 30, 2017 | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. |
| CVE-2017-13737 | Med | 0.42 | 6.5 | 0.02 | | Aug 29, 2017 | There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
| CVE-2017-13736 | Med | 0.42 | 6.5 | 0.01 | | Aug 29, 2017 | There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
| CVE-2017-13648 | Med | 0.42 | 6.5 | 0.00 | | Aug 23, 2017 | In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. |
| CVE-2017-13066 | Med | 0.42 | 6.5 | 0.00 | | Aug 22, 2017 | GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. |
| CVE-2017-13065 | Med | 0.42 | 6.5 | 0.01 | | Aug 22, 2017 | GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. |
| CVE-2017-13064 | Med | 0.42 | 6.5 | 0.01 | | Aug 22, 2017 | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. |
| CVE-2017-13063 | Med | 0.42 | 6.5 | 0.01 | | Aug 22, 2017 | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. |
| CVE-2017-11722 | Med | 0.42 | 6.5 | 0.01 | | Jul 28, 2017 | The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. |
| CVE-2017-14649 | Med | 0.36 | 5.5 | 0.00 | | Sep 21, 2017 | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). |
| CVE-2017-11140 | Med | 0.36 | 5.5 | 0.01 | | Jul 10, 2017 | The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. |
| CVE-2017-10800 | Med | 0.36 | 5.5 | 0.00 | | Jul 3, 2017 | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. |
| CVE-2017-10799 | Med | 0.36 | 5.5 | 0.00 | | Jul 3, 2017 | When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). |
| CVE-2017-10794 | Med | 0.36 | 5.5 | 0.00 | | Jul 2, 2017 | When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. |
| CVE-2017-6335 | Med | 0.36 | 5.5 | 0.01 | | Mar 14, 2017 | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. |
| CVE-2016-9830 | Med | 0.36 | 5.5 | 0.01 | | Mar 1, 2017 | The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. |
| CVE-2016-5240 | Med | 0.36 | 5.5 | 0.01 | | Feb 27, 2017 | The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. |
| CVE-2005-1275 | | 0.04 | — | 0.16 | | Apr 25, 2005 | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. |
| CVE-2007-0770 | | 0.01 | — | 0.07 | | Feb 12, 2007 | Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. |