Graphicsmagick@* Security Vulnerabilities and Issues — Graphicsmagick@* CVE List

Lucene search

GraphicsmagickGraphicsmagick*

31 matches found

CVE•added 2019/02/05 12:29 a.m.•242 views

CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

7.5CVSS7.4AI score0.00232EPSS

CVE•added 2009/04/06 9:30 p.m.•233 views

CVE-2008-6621

Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information.

7.8CVSS7.2AI score0.00722EPSS

CVE•added 2018/10/21 1:29 a.m.•230 views

CVE-2018-18544

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

6.5CVSS7AI score0.00151EPSS

CVE•added 2020/05/06 3:15 a.m.•228 views

CVE-2020-12672

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

7.5CVSS7.6AI score0.00357EPSS

CVE•added 2020/03/24 4:15 p.m.•205 views

CVE-2020-10938

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

9.8CVSS9.5AI score0.01678EPSS

CVE•added 2020/03/18 7:15 p.m.•200 views

CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

6.5CVSS7.5AI score0.06531EPSS

CVE•added 2019/04/08 7:29 p.m.•180 views

CVE-2019-11008

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

8.8CVSS7.7AI score0.00949EPSS

CVE•added 2019/04/08 7:29 p.m.•174 views

CVE-2019-11009

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

8.1CVSS6.9AI score0.01377EPSS

CVE•added 2019/04/08 7:29 p.m.•153 views

CVE-2019-11007

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

8.1CVSS8AI score0.01396EPSS

CVE•added 2016/06/10 3:59 p.m.•152 views

CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

10CVSS9.5AI score0.35422EPSS

CVE•added 2019/04/24 9:29 p.m.•147 views

CVE-2019-11505

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickB...

8.8CVSS8.9AI score0.008EPSS

CVE•added 2019/04/08 7:29 p.m.•136 views

CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.

9.8CVSS9AI score0.02597EPSS

CVE•added 2019/04/08 7:29 p.m.•135 views

CVE-2019-11006

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

9.1CVSS7.8AI score0.0063EPSS

CVE•added 2019/04/08 7:29 p.m.•131 views

CVE-2019-11010

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

6.5CVSS6.6AI score0.00641EPSS

CVE•added 2017/02/27 10:59 p.m.•122 views

CVE-2016-5240

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

5.5CVSS6.7AI score0.00599EPSS

CVE•added 2017/05/19 7:29 p.m.•116 views

CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data...

7.5CVSS7.3AI score0.0146EPSS

CVE•added 2017/01/18 5:59 p.m.•109 views

CVE-2016-7997

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

7.5CVSS7.9AI score0.01147EPSS

CVE•added 2018/02/07 5:29 a.m.•101 views

CVE-2018-6799

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.

8.8CVSS7.5AI score0.00776EPSS

CVE•added 2017/02/06 5:59 p.m.•100 views

CVE-2016-7800

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

7.5CVSS7.9AI score0.02194EPSS

CVE•added 2017/01/18 5:59 p.m.•98 views

CVE-2016-7996

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

9.8CVSS9.4AI score0.01164EPSS

CVE•added 2017/02/06 5:59 p.m.•89 views

CVE-2016-7448

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

7.8CVSS8AI score0.04162EPSS

CVE•added 2017/03/14 2:59 p.m.•86 views

CVE-2017-6335

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.

5.5CVSS6.6AI score0.00475EPSS

CVE•added 2017/02/06 5:59 p.m.•85 views

CVE-2016-7447

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

9.8CVSS9.7AI score0.02033EPSS

CVE•added 2006/10/23 5:7 p.m.•76 views

CVE-2006-5456

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is no...

5.1CVSS7.3AI score0.00803EPSS

CVE•added 2017/02/03 3:59 p.m.•71 views

CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

5.5CVSS6.6AI score0.00354EPSS

CVE•added 2007/02/12 8:28 p.m.•68 views

CVE-2007-0770

Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for C...

9.3CVSS7.5AI score0.06864EPSS

CVE•added 2016/07/13 3:59 p.m.•67 views

CVE-2015-8808

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

5.5CVSS5.2AI score0.00294EPSS

CVE•added 2009/02/10 6:59 a.m.•65 views

CVE-2008-6071

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from th...

10CVSS8.1AI score0.06081EPSS

CVE•added 2013/11/23 11:55 a.m.•62 views

CVE-2013-4589

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

4.3CVSS6.3AI score0.02351EPSS

CVE•added 2009/02/10 6:59 a.m.•59 views

CVE-2008-6072

Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.

5CVSS7.3AI score0.01382EPSS

CVE•added 2009/02/10 6:59 a.m.•58 views

CVE-2008-6070

Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of th...

9.3CVSS8AI score0.06864EPSS