Vulnerabilities > Graphicsmagick
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-11 | CVE-2017-17500 | Out-of-bounds Read vulnerability in multiple products ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | 8.8 |
| 2017-12-11 | CVE-2017-17498 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26 WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2017-11-09 | CVE-2017-16669 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | 6.8 |
| 2017-11-06 | CVE-2017-16547 | Improper Input Validation vulnerability in Graphicsmagick 1.3.26 The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
| 2017-11-05 | CVE-2017-16545 | NULL Pointer Dereference vulnerability in Graphicsmagick 1.3.26 The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | 8.8 |
| 2017-11-01 | CVE-2017-16353 | Out-of-bounds Read vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. | 6.5 |
| 2017-11-01 | CVE-2017-16352 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. | 8.8 |
| 2017-10-27 | CVE-2017-15930 | NULL Pointer Dereference vulnerability in multiple products In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | 8.8 |
| 2017-10-12 | CVE-2017-15277 | Information Exposure vulnerability in multiple products ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. | 4.3 |
| 2017-10-11 | CVE-2017-15238 | Use After Free vulnerability in multiple products ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | 8.8 |