Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Graphicsmagick Subscribe
Filtered by product Graphicsmagick
Total 117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15930 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 6.8 MEDIUM 8.8 HIGH
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
CVE-2017-13064 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 4.3 MEDIUM 6.5 MEDIUM
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
CVE-2017-13065 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 4.3 MEDIUM 6.5 MEDIUM
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
CVE-2017-17500 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 6.8 MEDIUM 8.8 HIGH
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
CVE-2017-17501 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 6.8 MEDIUM 8.8 HIGH
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
CVE-2017-17502 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 6.8 MEDIUM 8.8 HIGH
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
CVE-2018-6799 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-06-29 6.8 MEDIUM 8.8 HIGH
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
CVE-2019-11473 1 Graphicsmagick 1 Graphicsmagick 2019-05-22 4.3 MEDIUM 6.5 MEDIUM
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
CVE-2019-11009 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Leap 2019-05-22 5.8 MEDIUM 8.1 HIGH
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
CVE-2017-11139 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-05-03 7.5 HIGH 9.8 CRITICAL
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
CVE-2018-5360 2 Graphicsmagick, Libtiff 2 Graphicsmagick, Libtiff 2019-04-22 6.8 MEDIUM 8.8 HIGH
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVE-2016-7447 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-15 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-7446 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-15 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
CVE-2017-10799 1 Graphicsmagick 1 Graphicsmagick 2019-04-15 4.3 MEDIUM 5.5 MEDIUM
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
CVE-2016-5241 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 4.3 MEDIUM 5.5 MEDIUM
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
CVE-2016-7449 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 5.0 MEDIUM 7.5 HIGH
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVE-2016-7800 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 5.0 MEDIUM 7.5 HIGH
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
CVE-2016-7448 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2019-04-12 7.8 HIGH 7.5 HIGH
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2016-2317 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
CVE-2016-2318 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.