Graphicsmagick : Security Vulnerabilities, CVEs, CVSS score >= 8
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-03-24
Updated
2022-01-01
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Max CVSS
9.1
EPSS Score
0.31%
Published
2019-12-24
Updated
2022-10-31
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
Max CVSS
9.8
EPSS Score
1.21%
Published
2019-12-24
Updated
2022-10-31
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
Max CVSS
9.8
EPSS Score
0.71%
Published
2019-12-24
Updated
2022-10-31
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
Max CVSS
8.8
EPSS Score
0.40%
Published
2019-04-24
Updated
2023-03-01
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
Max CVSS
8.8
EPSS Score
0.35%
Published
2019-04-24
Updated
2023-03-01
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
0.37%
Published
2019-04-08
Updated
2019-05-23
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Max CVSS
8.8
EPSS Score
0.90%
Published
2019-04-08
Updated
2023-03-01
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
Max CVSS
8.1
EPSS Score
1.18%
Published
2019-04-08
Updated
2023-03-01
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
Max CVSS
9.1
EPSS Score
0.40%
Published
2019-04-08
Updated
2020-08-24
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
Max CVSS
9.8
EPSS Score
2.42%
Published
2019-04-08
Updated
2020-08-24
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
Max CVSS
8.8
EPSS Score
1.15%
Published
2018-02-07
Updated
2019-06-30
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
Max CVSS
8.8
EPSS Score
0.41%
Published
2018-01-14
Updated
2019-04-22
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
Max CVSS
8.8
EPSS Score
1.89%
Published
2018-03-05
Updated
2018-10-18
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
Max CVSS
8.8
EPSS Score
0.42%
Published
2017-12-27
Updated
2020-02-10
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
Max CVSS
8.8
EPSS Score
0.20%
Published
2017-12-27
Updated
2020-02-10
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
Max CVSS
8.8
EPSS Score
0.42%
Published
2017-12-27
Updated
2020-02-10
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
Max CVSS
8.8
EPSS Score
0.42%
Published
2017-12-20
Updated
2020-01-27
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
Max CVSS
8.8
EPSS Score
0.41%
Published
2017-12-11
Updated
2019-06-30
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
Max CVSS
8.8
EPSS Score
0.41%
Published
2017-12-11
Updated
2019-06-30
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
Max CVSS
8.8
EPSS Score
0.48%
Published
2017-12-11
Updated
2019-06-30
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
Max CVSS
8.8
EPSS Score
0.48%
Published
2017-12-11
Updated
2019-06-30
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-12-11
Updated
2018-10-18
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Max CVSS
8.8
EPSS Score
0.88%
Published
2017-11-09
Updated
2020-01-27
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
8.8
EPSS Score
0.88%
Published
2017-11-06
Updated
2018-10-18