Graphicsmagick : Security Vulnerabilities, CVEs, Published In 2017 (Denial of service)
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-12-11
Updated
2018-10-18
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
Max CVSS
8.8
EPSS Score
0.88%
Published
2017-11-09
Updated
2020-01-27
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
8.8
EPSS Score
0.88%
Published
2017-11-06
Updated
2018-10-18
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
Max CVSS
8.8
EPSS Score
1.16%
Published
2017-11-05
Updated
2018-10-18
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Max CVSS
7.1
EPSS Score
1.06%
Published
2017-10-04
Updated
2019-06-30
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
Max CVSS
6.5
EPSS Score
0.41%
Published
2017-10-04
Updated
2019-06-30
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Max CVSS
6.5
EPSS Score
0.72%
Published
2017-09-25
Updated
2019-10-03
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
Max CVSS
5.5
EPSS Score
0.15%
Published
2017-09-21
Updated
2019-10-03
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
Max CVSS
6.5
EPSS Score
1.15%
Published
2017-09-12
Updated
2020-01-08
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
Max CVSS
6.5
EPSS Score
0.21%
Published
2017-09-06
Updated
2020-01-08
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
Max CVSS
6.5
EPSS Score
0.12%
Published
2017-08-30
Updated
2019-12-03
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
Max CVSS
7.1
EPSS Score
0.57%
Published
2017-08-30
Updated
2019-12-16
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
Max CVSS
7.1
EPSS Score
0.17%
Published
2017-08-30
Updated
2019-12-16
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.
Max CVSS
7.1
EPSS Score
0.31%
Published
2017-08-30
Updated
2019-10-03
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
Max CVSS
6.5
EPSS Score
0.81%
Published
2017-08-29
Updated
2019-06-30
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
Max CVSS
6.5
EPSS Score
0.49%
Published
2017-08-29
Updated
2019-10-03
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
Max CVSS
6.5
EPSS Score
0.49%
Published
2017-07-28
Updated
2018-10-18
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
Max CVSS
7.1
EPSS Score
0.73%
Published
2017-07-10
Updated
2019-10-03
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
Max CVSS
7.5
EPSS Score
0.82%
Published
2017-07-07
Updated
2018-10-18
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
Max CVSS
5.5
EPSS Score
0.13%
Published
2017-07-03
Updated
2018-10-18
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
Max CVSS
5.5
EPSS Score
0.14%
Published
2017-07-03
Updated
2019-04-15
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
Max CVSS
5.5
EPSS Score
0.54%
Published
2017-03-14
Updated
2018-08-04
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
Max CVSS
5.5
EPSS Score
0.77%
Published
2017-03-01
Updated
2018-10-30
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
Max CVSS
7.5
EPSS Score
1.17%
Published
2017-02-15
Updated
2018-10-30
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
Max CVSS
7.5
EPSS Score
0.40%
Published
2017-01-18
Updated
2017-11-04