High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-18	CVE-2017-12936	Use After Free vulnerability in multiple products The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. network low complexity graphicsmagick debian CWE-416	8.8
2017-08-18	CVE-2017-12935	Out-of-bounds Read vulnerability in multiple products The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. network low complexity graphicsmagick debian CWE-125	8.8
2017-07-26	CVE-2017-11642	NULL Pointer Dereference vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. network low complexity graphicsmagick CWE-476	8.8
2017-07-26	CVE-2017-11638	Improper Input Validation vulnerability in Graphicsmagick 1.3.26 GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. network low complexity graphicsmagick CWE-20	8.8
2017-07-18	CVE-2017-11403	Use After Free vulnerability in Graphicsmagick 1.3.26 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. network low complexity graphicsmagick CWE-416	8.8
2017-07-07	CVE-2017-11102	Improper Input Validation vulnerability in Graphicsmagick 1.3.26 The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. network low complexity graphicsmagick CWE-20	7.5
2017-05-19	CVE-2017-9098	Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. network low complexity imagemagick graphicsmagick debian CWE-908	7.5
2017-02-15	CVE-2016-8684	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." local low complexity graphicsmagick opensuse debian CWE-119	7.8
2017-02-15	CVE-2016-8683	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." local low complexity graphicsmagick opensuse debian CWE-119	7.8
2017-02-15	CVE-2016-8682	Out-of-bounds Read vulnerability in multiple products The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. network low complexity graphicsmagick opensuse debian CWE-125	7.5