Vulnerabilities (CVE)

Filtered by vendor Graphicsmagick Subscribe
Total 117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-13147 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
CVE-2017-14504 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
CVE-2017-12935 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
CVE-2017-11722 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
CVE-2017-13775 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 7.1 HIGH 6.5 MEDIUM
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.
CVE-2017-14165 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
CVE-2017-17913 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2024-02-04 6.8 MEDIUM 8.8 HIGH
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
CVE-2016-9830 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
CVE-2016-5241 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
CVE-2016-5240 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
CVE-2016-7449 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
CVE-2016-7448 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2024-02-04 7.8 HIGH 7.5 HIGH
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2016-7447 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-2317 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
CVE-2016-8684 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2024-02-04 6.8 MEDIUM 7.8 HIGH
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
CVE-2016-2318 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
CVE-2016-8683 3 Debian, Graphicsmagick, Opensuse 3 Debian Linux, Graphicsmagick, Opensuse 2024-02-04 6.8 MEDIUM 7.8 HIGH
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
CVE-2017-6335 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
CVE-2016-7800 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
CVE-2016-7997 1 Graphicsmagick 1 Graphicsmagick 2024-02-04 5.0 MEDIUM 7.5 HIGH
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.