ImageMagick < 7.0.8-25 Multiple Vulnerabilities

The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.8-25. It is, therefore, affected by multiple vulnerabilities: - A denial of service DoS vulnerability exists in coders/pcd.c due to a memory leak in DecodeImage. An unauthenticated, remote attacker can exploit thi...

Memory corruption

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c...

Security update for GraphicsMagick (moderate)

This update for GraphicsMagick fixes the following issues: Security issues fixed: - CVE-2018-20184: Fixed heap-based buffer overflow in the WriteTGAImage function of tga.c bsc1119822 - CVE-2018-20189: Fixed denial of service vulnerability in ReadDIBImage function of coders/dib.c bsc1119790...

Information disclosure

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping which is not available beyond 8-bits/sample, and therefore lacks indexes...

CVE-2018-20189

GraphicsMagick 1.3.31 is affected by CVE-2018-20189 in the ReadDIBImage function (coders/dib.c). A crafted DIB image that exploits direct pixel values with colormapping (not supported beyond 8-bits/sample) can trigger missing indexes initialization, causing a crash and denial of service. No furth...

CVE-2018-16645

There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file...

CVE-2018-12600

ImageMagick 7.0.8-3 Q16 contains ReadDIBImage/WriteDIBImage in coders/dib.c that allow an out-of-bounds write via a crafted image file, leading to memory corruption/DoS. Affected releases and advisories reference CVE-2018-12600. Remediation: update ImageMagick to a patched version as advised by A...