The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Max CVSS
8.8
EPSS Score
0.56%
Published
2017-02-15
Updated
2021-04-28
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max CVSS
7.8
EPSS Score
0.59%
Published
2017-02-15
Updated
2018-10-30
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Max CVSS
7.8
EPSS Score
0.76%
Published
2017-02-15
Updated
2018-10-30
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
3.32%
Published
2017-02-06
Updated
2019-04-12
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
2.80%
Published
2017-02-06
Updated
2019-04-15
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
Max CVSS
9.8
EPSS Score
2.80%
Published
2017-02-06
Updated
2019-04-15
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
Max CVSS
6.5
EPSS Score
0.69%
Published
2017-01-20
Updated
2018-10-30
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
Max CVSS
7.8
EPSS Score
0.43%
Published
2017-04-21
Updated
2018-10-30
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
Max CVSS
5.5
EPSS Score
1.31%
Published
2017-02-03
Updated
2018-10-30
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
Max CVSS
7.5
EPSS Score
4.15%
Published
2017-12-05
Updated
2018-10-30
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
Max CVSS
9.8
EPSS Score
2.29%
Published
2017-03-20
Updated
2018-10-30
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
Max CVSS
9.8
EPSS Score
1.35%
Published
2017-03-20
Updated
2018-10-30
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
Max CVSS
5.5
EPSS Score
1.12%
Published
2017-03-20
Updated
2018-10-30
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-03-20
Updated
2018-10-30
14 vulnerabilities found