Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Graphicsmagick Subscribe
Filtered by product Graphicsmagick
Total 117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8684 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2018-10-30 6.8 MEDIUM 7.8 HIGH
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
CVE-2016-9830 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2018-10-30 4.3 MEDIUM 5.5 MEDIUM
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
CVE-2016-8682 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2018-10-30 5.0 MEDIUM 7.5 HIGH
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
CVE-2016-8683 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2018-10-30 6.8 MEDIUM 7.8 HIGH
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
CVE-2017-11722 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 4.3 MEDIUM 6.5 MEDIUM
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
CVE-2017-10794 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 4.3 MEDIUM 5.5 MEDIUM
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
CVE-2017-10800 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 4.3 MEDIUM 5.5 MEDIUM
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
CVE-2017-11102 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 5.0 MEDIUM 7.5 HIGH
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
CVE-2017-11403 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
CVE-2017-11636 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 7.5 HIGH 9.8 CRITICAL
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
CVE-2017-11637 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 7.5 HIGH 9.8 CRITICAL
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.
CVE-2017-11638 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.
CVE-2017-11642 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
CVE-2017-11643 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 7.5 HIGH 9.8 CRITICAL
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
CVE-2017-15277 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2018-10-18 4.3 MEDIUM 6.5 MEDIUM
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVE-2017-16545 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
CVE-2017-16547 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-17498 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-18220 1 Graphicsmagick 1 Graphicsmagick 2018-10-18 6.8 MEDIUM 8.8 HIGH
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
CVE-2006-5456 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2018-10-17 5.1 MEDIUM N/A
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.