SUSE CVE-2017-14314

Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service DrawDashPolygon heap-based buffer over-read and application crash via a crafted file...

Information Disclosure

firefox is vulnerable to information disclosure. When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function takes a variable amount of time depending on the content of the underlying image. This can result in potential cross-origin information...

CVE-2017-16547

The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service negative strncpy and application crash or possibly have unspecified other impact via a...

CVE-2017-14314

Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service DrawDashPolygon heap-based buffer over-read and application crash via a crafted file...

Null pointer dereference

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted SVG file, related to the 1 DrawImage function in magick/render.c, 2 SVGStartElement function in coders/svg.c, and 3 TraceArcPath function in magick/render.c...

CVE-2016-10046

Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service application crash via a crafted image file...

CVE-2016-4564

The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified...

CVE-2016-4564

The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified...

CVE-2009-3604

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted P...