The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
1.63%
Published
2017-03-15
Updated
2018-08-04
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
Max CVSS
5.5
EPSS Score
0.53%
Published
2017-03-14
Updated
2018-08-04
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
Max CVSS
7.5
EPSS Score
0.26%
Published
2017-05-19
Updated
2021-04-28
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
Max CVSS
7.5
EPSS Score
0.82%
Published
2017-07-07
Updated
2018-10-18
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
Max CVSS
7.1
EPSS Score
0.73%
Published
2017-07-10
Updated
2019-10-03
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
Max CVSS
8.8
EPSS Score
22.44%
Published
2017-07-18
Updated
2018-10-18
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.
Max CVSS
9.8
EPSS Score
0.29%
Published
2017-07-26
Updated
2018-10-18
GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.
Max CVSS
8.8
EPSS Score
0.37%
Published
2017-07-26
Updated
2018-10-18
GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.
Max CVSS
9.8
EPSS Score
0.29%
Published
2017-07-26
Updated
2019-10-03
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
Max CVSS
8.8
EPSS Score
0.40%
Published
2017-07-26
Updated
2018-10-18
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
Max CVSS
8.8
EPSS Score
0.82%
Published
2017-08-18
Updated
2019-06-30
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
Max CVSS
8.8
EPSS Score
28.95%
Published
2017-08-18
Updated
2019-06-30
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.
Max CVSS
6.5
EPSS Score
0.81%
Published
2017-08-29
Updated
2019-06-30
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.
Max CVSS
7.1
EPSS Score
0.31%
Published
2017-08-30
Updated
2019-10-03
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
Max CVSS
7.1
EPSS Score
0.17%
Published
2017-08-30
Updated
2019-12-16
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it.
Max CVSS
7.1
EPSS Score
0.57%
Published
2017-08-30
Updated
2019-12-16
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
Max CVSS
6.5
EPSS Score
0.40%
Published
2017-09-17
Updated
2019-06-30
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
Max CVSS
6.5
EPSS Score
0.41%
Published
2017-10-04
Updated
2019-06-30
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Max CVSS
7.1
EPSS Score
1.06%
Published
2017-10-04
Updated
2019-06-30
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
Max CVSS
6.5
EPSS Score
1.81%
Published
2017-10-12
Updated
2018-10-18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!