Vulnerabilities > Graphicsmagick > Graphicsmagick > 1.3.23
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-03 | CVE-2016-2318 | NULL Pointer Dereference vulnerability in multiple products GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | 4.3 |
| 2017-02-03 | CVE-2016-2317 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | 4.3 |
| 2017-01-18 | CVE-2016-7997 | NULL Pointer Dereference vulnerability in Graphicsmagick The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | 5.0 |
| 2017-01-18 | CVE-2016-7996 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. | 7.5 |
| 2016-06-10 | CVE-2016-5118 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | 9.8 |