GraphicsMagick

All CVEs

128 total · sorted by risk
  • CVE-2016-5118 · Cri · Jun 10, 2016
    risk 0.68 · cvss 9.8 · epss 0.50

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

  • CVE-2017-11643 · Cri · Jul 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11641 · Cri · Jul 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

  • CVE-2017-11637 · Cri · Jul 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.

  • CVE-2017-11636 · Cri · Jul 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.

  • CVE-2017-11139 · Cri · Jul 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.

  • CVE-2016-5239 · Cri · Mar 15, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2016-7447 · Cri · Feb 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-7446 · Cri · Feb 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-7996 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

  • CVE-2017-16352 · Hig · Nov 1, 2017
    risk 0.61 · cvss 8.8 · epss 0.15

    GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on…

  • CVE-2017-14103 · Hig · Sep 1, 2017
    risk 0.60 · cvss 8.8 · epss 0.30

    The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage…

  • CVE-2017-12936 · Hig · Aug 18, 2017
    risk 0.59 · cvss 8.8 · epss 0.25

    The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.

  • CVE-2017-11403 · Hig · Jul 18, 2017
    risk 0.59 · cvss 8.8 · epss 0.28

    The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.

  • CVE-2017-18220 · Hig · Mar 5, 2018
    risk 0.58 · cvss 8.8 · epss 0.04

    The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.

  • CVE-2018-6799 · Hig · Feb 7, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.

  • CVE-2018-5360 · Hig · Jan 14, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

  • CVE-2017-17915 · Hig · Dec 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

  • CVE-2017-17913 · Hig · Dec 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.

  • CVE-2017-17912 · Hig · Dec 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.

  • CVE-2017-17782 · Hig · Dec 20, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.

  • CVE-2017-17503 · Hig · Dec 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.

  • CVE-2017-17502 · Hig · Dec 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.

  • CVE-2017-17501 · Hig · Dec 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.

  • CVE-2017-17500 · Hig · Dec 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.

  • CVE-2017-17498 · Hig · Dec 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-16669 · Hig · Nov 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.

  • CVE-2017-16547 · Hig · Nov 6, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified…

  • CVE-2017-16545 · Hig · Nov 5, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via…

  • CVE-2017-15930 · Hig · Oct 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.

  • CVE-2017-15238 · Hig · Oct 11, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.

  • CVE-2017-13147 · Hig · Aug 23, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.

  • CVE-2017-12937 · Hig · Aug 18, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.

  • CVE-2017-12935 · Hig · Aug 18, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.

  • CVE-2017-11642 · Hig · Jul 26, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.

  • CVE-2017-11638 · Hig · Jul 26, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.

  • CVE-2026-13606 · imp · Jun 28, 2026
    risk 0.53 · cvss 8.1 · epss

    GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file

  • CVE-2016-8684 · Hig · Feb 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

  • CVE-2016-8683 · Hig · Feb 15, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."

  • CVE-2017-17783 · Hig · Dec 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.

  • CVE-2017-11102 · Hig · Jul 7, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.

  • CVE-2017-9098 · Hig · May 19, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that…

  • CVE-2016-8682 · Hig · Feb 15, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.

  • CVE-2016-7800 · Hig · Feb 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

  • CVE-2016-7449 · Hig · Feb 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.

  • CVE-2016-7448 · Hig · Feb 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.04

    The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

  • CVE-2016-7997 · Hig · Jan 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

  • CVE-2017-16353 · Med · Nov 1, 2017
    risk 0.46 · cvss 6.5 · epss 0.14

    GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the…

  • CVE-2017-15277 · Med · Oct 12, 2017
    risk 0.44 · cvss 6.5 · epss 0.19

    ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting…

  • CVE-2018-9018 · Med · Mar 25, 2018
    risk 0.43 · cvss 6.5 · epss 0.03

    In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

Page 1 of 3