Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Graphicsmagick
(Graphicsmagick)| Repositories | https://github.com/ImageMagick/ImageMagick |
| #Vulnerabilities | 118 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-21 | CVE-2018-18544 | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. | Graphicsmagick, Imagemagick, Leap | 6.5 | ||
| 2019-04-08 | CVE-2019-11009 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | Debian_linux, Graphicsmagick, Leap | 8.1 | ||
| 2017-07-10 | CVE-2017-11139 | GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. | Debian_linux, Graphicsmagick | 9.8 | ||
| 2018-01-14 | CVE-2018-5685 | In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. | Debian_linux, Graphicsmagick | 6.5 | ||
| 2018-01-14 | CVE-2018-5360 | LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. | Graphicsmagick, Libtiff | 8.8 | ||
| 2017-03-14 | CVE-2017-6335 | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. | Graphicsmagick | 5.5 | ||
| 2017-10-12 | CVE-2017-15277 | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | Graphicsmagick, Imagemagick | 6.5 | ||
| 2017-09-01 | CVE-2017-14103 | The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. | Graphicsmagick | 8.8 | ||
| 2017-07-26 | CVE-2017-11643 | GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. | Graphicsmagick | 9.8 | ||
| 2017-07-26 | CVE-2017-11637 | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. | Graphicsmagick | 9.8 |