VYPR

Vendor CVEs

Graphicsmagick

All CVEs

128 total · sorted by risk
  • CVE-2017-18219MedMar 5, 2018
    risk 0.43cvss 6.5epss 0.04

    An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.

  • CVE-2017-14997MedOct 4, 2017
    risk 0.43cvss 6.5epss 0.03

    GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

  • CVE-2017-18231MedMar 14, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-18230MedMar 14, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-18229MedMar 14, 2018
    risk 0.42cvss 6.5epss 0.02

    An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline,…

  • CVE-2018-5685MedJan 14, 2018
    risk 0.42cvss 6.5epss 0.02

    In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.

  • CVE-2017-14994MedOct 4, 2017
    risk 0.42cvss 6.5epss 0.03

    ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

  • CVE-2017-14733MedSep 25, 2017
    risk 0.42cvss 6.5epss 0.02

    ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-14504MedSep 17, 2017
    risk 0.42cvss 6.5epss 0.02

    ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.

  • CVE-2017-14314MedSep 12, 2017
    risk 0.42cvss 6.5epss 0.02

    Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-14165MedSep 6, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.

  • CVE-2017-14042MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.

  • CVE-2017-13777MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request…

  • CVE-2017-13776MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request…

  • CVE-2017-13775MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.

  • CVE-2017-13737MedAug 29, 2017
    risk 0.42cvss 6.5epss 0.03

    There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.

  • CVE-2017-13736MedAug 29, 2017
    risk 0.42cvss 6.5epss 0.02

    There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.

  • CVE-2017-13648MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.01

    In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.

  • CVE-2017-13134MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-13066MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.01

    GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.

  • CVE-2017-13065MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.

  • CVE-2017-13064MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.

  • CVE-2017-13063MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.02

    GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.

  • CVE-2017-11722MedJul 28, 2017
    risk 0.42cvss 6.5epss 0.02

    The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This…

  • CVE-2017-14649MedSep 21, 2017
    risk 0.36cvss 5.5epss 0.01

    ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).

  • CVE-2017-11140MedJul 10, 2017
    risk 0.36cvss 5.5epss 0.02

    The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.

  • CVE-2017-10800MedJul 3, 2017
    risk 0.36cvss 5.5epss 0.01

    When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.

  • CVE-2017-10799MedJul 3, 2017
    risk 0.36cvss 5.5epss 0.01

    When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().

  • CVE-2017-10794MedJul 2, 2017
    risk 0.36cvss 5.5epss 0.02

    When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.

  • CVE-2017-6335MedMar 14, 2017
    risk 0.36cvss 5.5epss 0.02

    The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.

  • CVE-2016-9830MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.02

    The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

  • CVE-2016-5240MedFeb 27, 2017
    risk 0.36cvss 5.5epss 0.02

    The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

  • CVE-2016-5241MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

  • CVE-2016-2318MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

  • CVE-2016-2317MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in…

  • CVE-2015-8808MedJul 13, 2016
    risk 0.36cvss 5.5epss 0.02

    The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

  • CVE-2005-1275Apr 25, 2005
    risk 0.04cvss epss 0.14

    Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

  • CVE-2009-1882Jun 2, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of…

  • CVE-2008-6071Feb 10, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details…

  • CVE-2025-32460Apr 9, 2025
    risk 0.00cvss epss 0.00

    GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.

  • CVE-2025-27796Mar 7, 2025
    risk 0.00cvss epss 0.00

    ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

  • CVE-2025-27795Mar 7, 2025
    risk 0.00cvss epss 0.00

    ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

  • CVE-2020-21679Aug 22, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.

  • CVE-2022-1270Sep 28, 2022
    risk 0.00cvss epss 0.00

    In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.

  • CVE-2020-12672May 6, 2020
    risk 0.00cvss epss 0.03

    GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

  • CVE-2020-10938Mar 24, 2020
    risk 0.00cvss epss 0.05

    GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

  • CVE-2019-12921Mar 18, 2020
    risk 0.00cvss epss 0.08

    In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

  • CVE-2019-19950Dec 24, 2019
    risk 0.00cvss epss 0.03

    In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

  • CVE-2019-19951Dec 24, 2019
    risk 0.00cvss epss 0.03

    In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

  • CVE-2019-19953Dec 24, 2019
    risk 0.00cvss epss 0.03

    In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.