Graphicsmagick
Source repositories
CVEs (128)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9830 | Med | 0.36 | 5.5 | 0.02 | Mar 1, 2017 | The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | ||
| CVE-2016-5240 | Med | 0.36 | 5.5 | 0.02 | Feb 27, 2017 | The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. | ||
| CVE-2016-5241 | Med | 0.36 | 5.5 | 0.02 | Feb 3, 2017 | magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | ||
| CVE-2016-2318 | Med | 0.36 | 5.5 | 0.02 | Feb 3, 2017 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | ||
| CVE-2016-2317 | Med | 0.36 | 5.5 | 0.02 | Feb 3, 2017 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in… | ||
| CVE-2015-8808 | Med | 0.36 | 5.5 | 0.02 | Jul 13, 2016 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | ||
| CVE-2005-1275 | 0.04 | — | 0.14 | Apr 25, 2005 | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | |||
| CVE-2009-1882 | 0.01 | — | 0.07 | Jun 2, 2009 | Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of… | |||
| CVE-2008-6071 | 0.01 | — | 0.07 | Feb 10, 2009 | Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details… | |||
| CVE-2025-32460 | 0.00 | — | 0.00 | Apr 9, 2025 | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. | |||
| CVE-2025-27795 | 0.00 | — | 0.00 | Mar 7, 2025 | ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. | |||
| CVE-2025-27796 | 0.00 | — | 0.00 | Mar 7, 2025 | ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. | |||
| CVE-2020-21679 | 0.00 | — | 0.00 | Aug 22, 2023 | Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. | |||
| CVE-2022-1270 | 0.00 | — | 0.00 | Sep 28, 2022 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | |||
| CVE-2020-12672 | 0.00 | — | 0.03 | May 6, 2020 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | |||
| CVE-2020-10938 | 0.00 | — | 0.05 | Mar 24, 2020 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | |||
| CVE-2019-12921 | 0.00 | — | 0.08 | Mar 18, 2020 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | |||
| CVE-2019-19950 | 0.00 | — | 0.03 | Dec 24, 2019 | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | |||
| CVE-2019-19951 | 0.00 | — | 0.03 | Dec 24, 2019 | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | |||
| CVE-2019-19953 | 0.00 | — | 0.03 | Dec 24, 2019 | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
- risk 0.36cvss 5.5epss 0.02
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
- risk 0.36cvss 5.5epss 0.02
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
- risk 0.36cvss 5.5epss 0.02
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
- risk 0.36cvss 5.5epss 0.02
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
- risk 0.36cvss 5.5epss 0.02
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in…
- risk 0.36cvss 5.5epss 0.02
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
- CVE-2005-1275Apr 25, 2005risk 0.04cvss —epss 0.14
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.
- CVE-2009-1882Jun 2, 2009risk 0.01cvss —epss 0.07
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of…
- CVE-2008-6071Feb 10, 2009risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details…
- CVE-2025-32460Apr 9, 2025risk 0.00cvss —epss 0.00
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
- CVE-2025-27795Mar 7, 2025risk 0.00cvss —epss 0.00
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
- CVE-2025-27796Mar 7, 2025risk 0.00cvss —epss 0.00
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
- CVE-2020-21679Aug 22, 2023risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.
- CVE-2022-1270Sep 28, 2022risk 0.00cvss —epss 0.00
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
- CVE-2020-12672May 6, 2020risk 0.00cvss —epss 0.03
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
- CVE-2020-10938Mar 24, 2020risk 0.00cvss —epss 0.05
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
- CVE-2019-12921Mar 18, 2020risk 0.00cvss —epss 0.08
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
- CVE-2019-19950Dec 24, 2019risk 0.00cvss —epss 0.03
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
- CVE-2019-19951Dec 24, 2019risk 0.00cvss —epss 0.03
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
- CVE-2019-19953Dec 24, 2019risk 0.00cvss —epss 0.03
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Page 5 of 7