Vulnerabilities (CVE)

Filtered by vendor Graphicsmagick Subscribe
Filtered by product Graphicsmagick
Total 117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7397 5 Canonical, Debian, Graphicsmagick and 2 more 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVE-2018-20184 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
CVE-2018-18544 3 Graphicsmagick, Imagemagick, Opensuse 3 Graphicsmagick, Imagemagick, Leap 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
CVE-2017-18231 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2018-9018 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
CVE-2017-18219 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.
CVE-2018-6799 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
CVE-2017-18220 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
CVE-2017-18229 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
CVE-2017-18230 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-14042 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
CVE-2017-13066 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.
CVE-2017-14997 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 7.1 HIGH 6.5 MEDIUM
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
CVE-2017-17498 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-15277 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVE-2017-16353 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVE-2017-17782 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
CVE-2017-17502 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
CVE-2017-11139 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 7.5 HIGH 9.8 CRITICAL
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
CVE-2018-5685 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.