Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Graphicsmagick Subscribe
Filtered by product Graphicsmagick
Total 117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17912 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
CVE-2017-18231 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-17915 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
CVE-2017-18230 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-17913 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-02-10 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
CVE-2017-16669 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-27 6.8 MEDIUM 8.8 HIGH
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
CVE-2017-17783 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-27 5.1 MEDIUM 7.5 HIGH
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
CVE-2017-17782 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-27 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
CVE-2018-9018 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-11 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
CVE-2017-16352 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-08 6.8 MEDIUM 8.8 HIGH
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
CVE-2017-16353 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-08 4.3 MEDIUM 6.5 MEDIUM
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVE-2017-14165 1 Graphicsmagick 1 Graphicsmagick 2020-01-08 4.3 MEDIUM 6.5 MEDIUM
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
CVE-2017-14314 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2020-01-08 4.3 MEDIUM 6.5 MEDIUM
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-5118 7 Canonical, Debian, Graphicsmagick and 4 more 14 Ubuntu Linux, Debian Linux, Graphicsmagick and 11 more 2019-12-27 10.0 HIGH 9.8 CRITICAL
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2017-13777 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-12-16 7.1 HIGH 6.5 MEDIUM
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
CVE-2017-13776 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-12-16 7.1 HIGH 6.5 MEDIUM
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
CVE-2018-20189 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-12-03 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
CVE-2017-13147 1 Graphicsmagick 1 Graphicsmagick 2019-12-03 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
CVE-2017-14042 1 Graphicsmagick 1 Graphicsmagick 2019-12-03 4.3 MEDIUM 6.5 MEDIUM
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
CVE-2017-13066 1 Graphicsmagick 1 Graphicsmagick 2019-10-02 4.3 MEDIUM 6.5 MEDIUM
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.