Vulnerabilities > Graphicsmagick > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17912 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | 6.8 |
| 2017-11-09 | CVE-2017-16669 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | 6.8 |
| 2017-11-01 | CVE-2017-16353 | Out-of-bounds Read vulnerability in multiple products GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. | 6.5 |
| 2017-10-12 | CVE-2017-15277 | Information Exposure vulnerability in multiple products ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. | 4.3 |
| 2017-10-04 | CVE-2017-14997 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | 6.5 |
| 2017-10-04 | CVE-2017-14994 | NULL Pointer Dereference vulnerability in multiple products ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | 6.5 |
| 2017-09-25 | CVE-2017-14733 | Out-of-bounds Read vulnerability in multiple products ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 6.5 |
| 2017-09-21 | CVE-2017-14649 | Reachable Assertion vulnerability in Graphicsmagick 1.3.26 ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | 5.5 |
| 2017-09-17 | CVE-2017-14504 | NULL Pointer Dereference vulnerability in multiple products ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | 6.5 |
| 2017-09-12 | CVE-2017-14314 | Out-of-bounds Read vulnerability in multiple products Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | 4.3 |