Vulnerabilities > Graphicsmagick

DATE CVE VULNERABILITY TITLE RISK
2018-12-17 CVE-2018-20185 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file.
network
high complexity
graphicsmagick debian canonical CWE-125
5.3
5.3
2018-12-17 CVE-2018-20184 Out-of-bounds Write vulnerability in multiple products
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
network
low complexity
graphicsmagick debian CWE-787
6.5
6.5
2018-10-21 CVE-2018-18544 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
network
low complexity
imagemagick graphicsmagick opensuse CWE-772
6.5
6.5
2018-03-25 CVE-2018-9018 Divide By Zero vulnerability in multiple products
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c.
network
low complexity
graphicsmagick debian CWE-369
6.5
6.5
2018-03-14 CVE-2017-18231 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GraphicsMagick 1.3.26.
network
low complexity
graphicsmagick debian CWE-476
6.5
6.5
2018-03-14 CVE-2017-18230 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GraphicsMagick 1.3.26.
network
low complexity
graphicsmagick debian CWE-476
6.5
6.5
2018-03-14 CVE-2017-18229 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GraphicsMagick 1.3.26.
network
low complexity
graphicsmagick debian CWE-770
6.5
6.5
2018-03-05 CVE-2017-18220 Use After Free vulnerability in Graphicsmagick 1.3.26
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
network
low complexity
graphicsmagick CWE-416
8.8
8.8
2018-03-05 CVE-2017-18219 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GraphicsMagick 1.3.26.
network
low complexity
graphicsmagick debian CWE-770
6.5
6.5
2018-02-07 CVE-2018-6799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
network
low complexity
graphicsmagick debian CWE-119
8.8
8.8