Graphicsmagick : Security Vulnerabilities, CVEs, (Information Leak)
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
0.37%
Published
2019-04-08
Updated
2019-05-23
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
Max CVSS
8.1
EPSS Score
1.18%
Published
2019-04-08
Updated
2023-03-01
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
Max CVSS
9.1
EPSS Score
0.40%
Published
2019-04-08
Updated
2020-08-24
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
Max CVSS
6.5
EPSS Score
0.25%
Published
2017-11-01
Updated
2020-01-08
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
Max CVSS
6.5
EPSS Score
1.81%
Published
2017-10-12
Updated
2018-10-18
5 vulnerabilities found