Total
118 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-10799 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | |||||
CVE-2017-11636 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. | |||||
CVE-2017-11102 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. | |||||
CVE-2017-17782 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | |||||
CVE-2017-17503 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | |||||
CVE-2017-16547 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2017-11642 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. | |||||
CVE-2017-13065 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | |||||
CVE-2017-11722 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition. | |||||
CVE-2017-16353 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. | |||||
CVE-2017-16545 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | |||||
CVE-2017-17913 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. | |||||
CVE-2017-13775 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | |||||
CVE-2017-11139 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | |||||
CVE-2017-13066 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. | |||||
CVE-2017-11643 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | |||||
CVE-2017-14994 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | |||||
CVE-2018-5360 | 2 Graphicsmagick, Libtiff | 2 Graphicsmagick, Libtiff | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. | |||||
CVE-2017-10794 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. | |||||
CVE-2017-13736 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |