Vulnerabilities > Graphicsmagick
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-17 | CVE-2018-20185 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. | 2.6 |
| 2018-12-17 | CVE-2018-20184 | Out-of-bounds Write vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. | 4.3 |
| 2018-10-21 | CVE-2018-18544 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. | 4.3 |
| 2018-03-25 | CVE-2018-9018 | Divide By Zero vulnerability in multiple products In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. | 6.5 |
| 2018-03-14 | CVE-2017-18231 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GraphicsMagick 1.3.26. | 4.3 |
| 2018-03-14 | CVE-2017-18230 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GraphicsMagick 1.3.26. | 4.3 |
| 2018-03-14 | CVE-2017-18229 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GraphicsMagick 1.3.26. | 4.3 |
| 2018-03-05 | CVE-2017-18220 | Use After Free vulnerability in Graphicsmagick 1.3.26 The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. | 8.8 |
| 2018-03-05 | CVE-2017-18219 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in GraphicsMagick 1.3.26. | 6.5 |
| 2018-02-07 | CVE-2018-6799 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. | 8.8 |