Vulnerabilities > Graphicsmagick > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2017-14649 | Reachable Assertion vulnerability in Graphicsmagick 1.3.26 ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | 5.5 |
| 2017-09-17 | CVE-2017-14504 | NULL Pointer Dereference vulnerability in multiple products ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | 6.5 |
| 2017-09-12 | CVE-2017-14314 | Out-of-bounds Read vulnerability in multiple products Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | 6.5 |
| 2017-09-06 | CVE-2017-14165 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26 The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. | 6.5 |
| 2017-08-30 | CVE-2017-14042 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphicsmagick 1.3.26 A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. | 6.5 |
| 2017-08-30 | CVE-2017-13777 | Excessive Iteration vulnerability in multiple products GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 6.5 |
| 2017-08-30 | CVE-2017-13776 | Excessive Iteration vulnerability in multiple products GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 6.5 |
| 2017-08-30 | CVE-2017-13775 | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | 6.5 |
| 2017-08-29 | CVE-2017-13737 | Use After Free vulnerability in multiple products There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 6.5 |
| 2017-08-29 | CVE-2017-13736 | Missing Release of Resource after Effective Lifetime vulnerability in Graphicsmagick 1.3.26 There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 6.5 |