Vendor
Graphicsmagick
Products
1
CVEs
73
Across products
234
Status
Private
Products
1- 234 CVEs
Recent CVEs
73| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5118 | Cri | 0.66 | 9.8 | 0.32 | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |
| CVE-2017-11643 | Cri | 0.64 | 9.8 | 0.01 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | |
| CVE-2017-11641 | Cri | 0.64 | 9.8 | 0.00 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. | |
| CVE-2017-11637 | Cri | 0.64 | 9.8 | 0.00 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. | |
| CVE-2017-11636 | Cri | 0.64 | 9.8 | 0.01 | Jul 26, 2017 | GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. | |
| CVE-2017-11139 | Cri | 0.64 | 9.8 | 0.00 | Jul 10, 2017 | GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | |
| CVE-2017-16352 | Hig | 0.63 | 8.8 | 0.31 | Nov 1, 2017 | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. | |
| CVE-2017-17782 | Hig | 0.57 | 8.8 | 0.01 | Dec 20, 2017 | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | |
| CVE-2017-17503 | Hig | 0.57 | 8.8 | 0.01 | Dec 11, 2017 | ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | |
| CVE-2017-17502 | Hig | 0.57 | 8.8 | 0.01 | Dec 11, 2017 | ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | |
| CVE-2017-17501 | Hig | 0.57 | 8.8 | 0.02 | Dec 11, 2017 | WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. | |
| CVE-2017-17500 | Hig | 0.57 | 8.8 | 0.02 | Dec 11, 2017 | ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | |
| CVE-2017-17498 | Hig | 0.57 | 8.8 | 0.01 | Dec 11, 2017 | WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |
| CVE-2017-16669 | Hig | 0.57 | 8.8 | 0.01 | Nov 9, 2017 | coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | |
| CVE-2017-16547 | Hig | 0.57 | 8.8 | 0.01 | Nov 6, 2017 | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | |
| CVE-2017-16545 | Hig | 0.57 | 8.8 | 0.00 | Nov 5, 2017 | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | |
| CVE-2017-15238 | Hig | 0.57 | 8.8 | 0.01 | Oct 11, 2017 | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | |
| CVE-2017-13147 | Hig | 0.57 | 8.8 | 0.00 | Aug 23, 2017 | In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. | |
| CVE-2017-12937 | Hig | 0.57 | 8.8 | 0.01 | Aug 18, 2017 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | |
| CVE-2017-12936 | Hig | 0.57 | 8.8 | 0.01 | Aug 18, 2017 | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. |