Vulnerabilities > Graphicsmagick

DATE CVE VULNERABILITY TITLE RISK
2017-02-03 CVE-2016-2318 NULL Pointer Dereference vulnerability in multiple products
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
local
low complexity
graphicsmagick debian suse opensuse CWE-476
5.5
5.5
2017-02-03 CVE-2016-2317 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
local
low complexity
graphicsmagick debian suse opensuse CWE-119
5.5
5.5
2017-01-18 CVE-2016-7997 NULL Pointer Dereference vulnerability in Graphicsmagick
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
network
low complexity
graphicsmagick CWE-476
7.5
7.5
2017-01-18 CVE-2016-7996 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
network
low complexity
graphicsmagick CWE-119
critical
 9.8
9.8
2016-07-13 CVE-2015-8808 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
local
low complexity
graphicsmagick suse fedoraproject CWE-119
5.5
5.5
2016-06-10 CVE-2016-5118 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
network
low complexity
graphicsmagick suse oracle opensuse canonical debian imagemagick
critical
 9.8
9.8