CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Graphicsmagick » Graphicsmagick » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-12672 787 Overflow 2020-05-06 2020-06-10
5.0
None Remote Low Not required None None Partial
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
2 CVE-2020-10938 190 Overflow 2020-03-24 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
3 CVE-2019-12921 200 +Info 2020-03-18 2021-07-21
4.3
None Remote Medium Not required Partial None None
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
4 CVE-2019-11505 787 DoS Overflow 2019-04-24 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
5 CVE-2019-11010 401 DoS 2019-04-08 2020-08-24
4.3
None Remote Medium Not required None None Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
6 CVE-2019-11009 125 DoS 2019-04-08 2019-05-23
5.8
None Remote Medium Not required Partial None Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
7 CVE-2019-11008 787 DoS Overflow 2019-04-08 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
8 CVE-2019-11007 125 DoS 2019-04-08 2020-08-24
5.8
None Remote Medium Not required Partial None Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
9 CVE-2019-11006 125 DoS 2019-04-08 2020-08-24
6.4
None Remote Low Not required Partial None Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
10 CVE-2019-11005 787 DoS Overflow 2019-04-08 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
11 CVE-2019-7397 401 2019-02-05 2021-04-28
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
12 CVE-2018-18544 772 2018-10-21 2019-10-03
4.3
None Remote Medium Not required None None Partial
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
13 CVE-2018-6799 119 DoS Overflow 2018-02-07 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
14 CVE-2017-9098 908 +Info 2017-05-19 2021-04-28
5.0
None Remote Low Not required Partial None None
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
15 CVE-2017-6335 125 DoS 2017-03-14 2018-08-04
4.3
None Remote Medium Not required None None Partial
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
16 CVE-2016-7997 476 DoS 2017-01-18 2017-11-04
5.0
None Remote Low Not required None None Partial
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
17 CVE-2016-7996 119 Overflow 2017-01-18 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
18 CVE-2016-7800 119 DoS Overflow 2017-02-06 2019-04-12
5.0
None Remote Low Not required None None Partial
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
19 CVE-2016-7448 399 DoS 2017-02-06 2019-04-12
7.8
None Remote Low Not required None None Complete
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
20 CVE-2016-7447 119 Overflow 2017-02-06 2019-04-15
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
21 CVE-2016-5241 189 DoS 2017-02-03 2019-04-12
4.3
None Remote Medium Not required None None Partial
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
22 CVE-2016-5240 20 DoS 2017-02-27 2018-05-18
4.3
None Remote Medium Not required None None Partial
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
23 CVE-2016-5118 284 Exec Code 2016-06-10 2019-12-27
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
24 CVE-2015-8808 119 DoS Overflow 2016-07-13 2017-11-04
4.3
None Remote Medium Not required None None Partial
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
25 CVE-2013-4589 DoS 2013-11-23 2016-08-26
4.3
None Remote Medium Not required None None Partial
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
26 CVE-2008-6621 DoS 2009-04-06 2009-04-14
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information.
27 CVE-2008-6072 DoS 2009-02-10 2009-03-13
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.
28 CVE-2008-6071 119 DoS Exec Code Overflow 2009-02-10 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information.
29 CVE-2008-6070 119 DoS Exec Code Overflow 2009-02-10 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.
30 CVE-2007-0770 DoS Exec Code Overflow 2007-02-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
31 CVE-2006-5456 119 DoS Exec Code Overflow 2006-10-23 2018-10-17
5.1
None Remote High Not required Partial Partial Partial
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.