CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Graphicsmagick : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14504 476 2017-09-17 2017-09-21
4.3
None Remote Medium Not required None None Partial
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
2 CVE-2017-14314 189 DoS 2017-09-11 2017-09-14
4.3
None Remote Medium Not required None None Partial
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
3 CVE-2017-14165 119 DoS Overflow 2017-09-06 2017-09-12
4.3
None Remote Medium Not required None None Partial
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
4 CVE-2017-14103 416 2017-09-01 2017-09-05
6.8
None Remote Medium Not required Partial Partial Partial
The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.
5 CVE-2017-14042 119 DoS Overflow 2017-08-30 2017-09-01
4.3
None Remote Medium Not required None None Partial
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
6 CVE-2017-13777 399 DoS 2017-08-30 2017-09-02
7.1
None Remote Medium Not required None None Complete
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
7 CVE-2017-13776 399 DoS 2017-08-30 2017-09-02
7.1
None Remote Medium Not required None None Complete
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
8 CVE-2017-13775 399 DoS 2017-08-30 2017-09-02
7.1
None Remote Medium Not required None None Complete
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.
9 CVE-2017-13737 416 DoS 2017-08-29 2017-09-08
4.3
None Remote Medium Not required None None Partial
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
10 CVE-2017-13736 119 DoS Overflow 2017-08-29 2017-08-30
4.3
None Remote Medium Not required None None Partial
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
11 CVE-2017-13648 119 Overflow 2017-08-23 2017-08-25
4.3
None Remote Medium Not required None None Partial
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
12 CVE-2017-13147 20 2017-08-23 2017-08-25
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
13 CVE-2017-13066 119 Overflow 2017-08-22 2017-08-25
4.3
None Remote Medium Not required None None Partial
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.
14 CVE-2017-13065 476 2017-08-22 2017-08-22
4.3
None Remote Medium Not required None None Partial
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
15 CVE-2017-13064 119 Overflow 2017-08-22 2017-08-25
4.3
None Remote Medium Not required None None Partial
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
16 CVE-2017-13063 119 Overflow 2017-08-22 2017-08-22
4.3
None Remote Medium Not required None None Partial
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
17 CVE-2017-12937 119 Overflow 2017-08-18 2017-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
18 CVE-2017-12936 416 2017-08-18 2017-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
19 CVE-2017-12935 125 2017-08-18 2017-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
20 CVE-2017-11722 125 DoS 2017-07-28 2017-08-03
4.3
None Remote Medium Not required None None Partial
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
21 CVE-2017-11643 119 Overflow 2017-07-26 2017-08-17
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
22 CVE-2017-11642 476 2017-07-26 2017-08-18
6.8
None Remote Medium Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
23 CVE-2017-11641 119 Overflow 2017-07-26 2017-07-31
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.
24 CVE-2017-11638 20 2017-07-26 2017-07-31
6.8
None Remote Medium Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.
25 CVE-2017-11637 476 2017-07-26 2017-07-31
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.
26 CVE-2017-11636 119 Overflow 2017-07-26 2017-07-31
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
27 CVE-2017-11403 416 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
28 CVE-2017-11140 399 DoS 2017-07-09 2017-07-12
7.1
None Remote Medium Not required None None Complete
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
29 CVE-2017-11139 415 2017-07-09 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
30 CVE-2017-11102 20 DoS 2017-07-07 2017-07-12
5.0
None Remote Low Not required None None Partial
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
31 CVE-2017-10800 400 DoS 2017-07-02 2017-07-05
4.3
None Remote Medium Not required None None Partial
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
32 CVE-2017-10799 400 DoS 2017-07-02 2017-07-05
4.3
None Remote Medium Not required None None Partial
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
33 CVE-2017-10794 119 Overflow 2017-07-02 2017-07-05
4.3
None Remote Medium Not required None None Partial
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
34 CVE-2017-9098 200 +Info 2017-05-19 2017-06-02
5.0
None Remote Low Not required Partial None None
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
35 CVE-2017-6335 125 DoS 2017-03-14 2017-03-14
4.3
None Remote Medium Not required None None Partial
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
36 CVE-2016-9830 20 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
37 CVE-2016-8684 119 Overflow 2017-02-15 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
38 CVE-2016-8683 119 Overflow 2017-02-15 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
39 CVE-2016-8682 125 DoS 2017-02-15 2017-02-17
5.0
None Remote Low Not required None None Partial
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
40 CVE-2016-7997 476 DoS 2017-01-18 2017-01-23
5.0
None Remote Low Not required None None Partial
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
41 CVE-2016-7996 119 Overflow 2017-01-18 2017-01-23
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
42 CVE-2016-7800 119 DoS Overflow 2017-02-06 2017-03-23
5.0
None Remote Low Not required None None Partial
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
43 CVE-2016-7449 125 DoS 2017-02-06 2017-02-09
5.0
None Remote Low Not required None None Partial
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
44 CVE-2016-7448 399 DoS 2017-02-06 2017-02-08
7.8
None Remote Low Not required None None Complete
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
45 CVE-2016-7447 119 Overflow 2017-02-06 2017-02-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
46 CVE-2016-7446 119 Overflow 2017-02-06 2017-02-09
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
47 CVE-2016-5241 189 DoS 2017-02-03 2017-02-07
4.3
None Remote Medium Not required None None Partial
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
48 CVE-2016-5240 20 DoS 2017-02-27 2017-02-28
4.3
None Remote Medium Not required None None Partial
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
49 CVE-2016-5118 284 Exec Code 2016-06-10 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
50 CVE-2016-2318 476 DoS 2017-02-03 2017-02-07
4.3
None Remote Medium Not required None None Partial
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Total number of vulnerabilities : 64   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.