Vulnerabilities > Graphicsmagick > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-17783 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
network
high complexity
graphicsmagick debian CWE-125
7.5
7.5
2017-12-20 CVE-2017-17782 Out-of-bounds Read vulnerability in multiple products
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
network
low complexity
graphicsmagick debian CWE-125
8.8
8.8
2017-12-11 CVE-2017-17503 Out-of-bounds Read vulnerability in multiple products
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
8.8
2017-12-11 CVE-2017-17502 Out-of-bounds Read vulnerability in multiple products
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
8.8
2017-12-11 CVE-2017-17501 Out-of-bounds Read vulnerability in multiple products
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
8.8
2017-12-11 CVE-2017-17500 Out-of-bounds Read vulnerability in multiple products
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
network
low complexity
graphicsmagick debian CWE-125
8.8
8.8
2017-12-11 CVE-2017-17498 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
network
low complexity
graphicsmagick CWE-119
8.8
8.8
2017-11-06 CVE-2017-16547 Improper Input Validation vulnerability in Graphicsmagick 1.3.26
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
network
low complexity
graphicsmagick CWE-20
8.8
8.8
2017-11-05 CVE-2017-16545 NULL Pointer Dereference vulnerability in Graphicsmagick 1.3.26
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
network
low complexity
graphicsmagick CWE-476
8.8
8.8
2017-11-01 CVE-2017-16352 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file.
network
low complexity
graphicsmagick debian CWE-119
8.8
8.8