Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Graphicsmagick
(Graphicsmagick)| Repositories | https://github.com/ImageMagick/ImageMagick |
| #Vulnerabilities | 118 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-24 | CVE-2019-11505 | In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. | Ubuntu_linux, Debian_linux, Graphicsmagick, Backports_sle, Leap | 8.8 | ||
| 2019-04-24 | CVE-2019-11506 | In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. | Ubuntu_linux, Debian_linux, Graphicsmagick, Backports_sle, Leap | 8.8 | ||
| 2022-09-28 | CVE-2022-1270 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | Debian_linux, Graphicsmagick | 7.8 | ||
| 2020-05-06 | CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | Debian_linux, Graphicsmagick, Backports_sle, Leap | 7.5 | ||
| 2019-12-24 | CVE-2019-19950 | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | Debian_linux, Graphicsmagick, Backports, Leap | 9.8 | ||
| 2019-12-24 | CVE-2019-19951 | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | Debian_linux, Graphicsmagick, Backports, Leap | 9.8 | ||
| 2019-12-24 | CVE-2019-19953 | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | Debian_linux, Graphicsmagick, Backports, Leap | 9.1 | ||
| 2020-03-18 | CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | Debian_linux, Graphicsmagick, Backports_sle, Leap | 6.5 | ||
| 2020-03-24 | CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | Debian_linux, Graphicsmagick, Backports, Leap | 9.8 | ||
| 2017-05-19 | CVE-2017-9098 | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | Debian_linux, Graphicsmagick, Imagemagick | 7.5 |