This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Graphicsmagick First view 2009-02-10
Product Graphicsmagick Last view 2020-05-06
Version 1.2.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:graphicsmagick:graphicsmagick

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2020-05-06 CVE-2020-12672

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

9.8 2020-03-24 CVE-2020-10938

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

6.5 2020-03-18 CVE-2019-12921

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

8.8 2019-04-24 CVE-2019-11505

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

6.5 2019-04-08 CVE-2019-11010

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

8.1 2019-04-08 CVE-2019-11009

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

8.8 2019-04-08 CVE-2019-11008

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

8.1 2019-04-08 CVE-2019-11007

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

9.1 2019-04-08 CVE-2019-11006

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

9.8 2019-04-08 CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.

7.5 2019-02-04 CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

6.5 2018-10-20 CVE-2018-18544

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

8.8 2018-02-07 CVE-2018-6799

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.

7.5 2017-05-19 CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

5.5 2017-03-14 CVE-2017-6335

The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.

5.5 2017-02-27 CVE-2016-5240

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

7.5 2017-02-06 CVE-2016-7800

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

7.5 2017-02-06 CVE-2016-7448

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.

9.8 2017-02-06 CVE-2016-7447

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

5.5 2017-02-03 CVE-2016-5241

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

7.5 2017-01-18 CVE-2016-7997

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.

9.8 2017-01-18 CVE-2016-7996

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.

5.5 2016-07-13 CVE-2015-8808

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

9.8 2016-06-10 CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

4.3 2013-11-23 CVE-2013-4589

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.

CWE : Common Weakness Enumeration

%idName
25% (7) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (4) CWE-787 Out-of-bounds Write
14% (4) CWE-125 Out-of-bounds Read
7% (2) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
7% (2) CWE-200 Information Exposure
3% (1) CWE-772 Missing Release of Resource after Effective Lifetime
3% (1) CWE-476 NULL Pointer Dereference
3% (1) CWE-399 Resource Management Errors
3% (1) CWE-284 Access Control (Authorization) Issues
3% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
3% (1) CWE-190 Integer Overflow or Wraparound
3% (1) CWE-189 Numeric Errors
3% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
46258 GraphicsMagick DPX Image Handling Unspecified DoS
46257 GraphicsMagick CINEON Image Handling Unspecified DoS
46256 GraphicsMagick XCF Image Handling Unspecified DoS
46255 GraphicsMagick coders/pict.c DecodeImage() Function PICT Image Handling Overflow
46254 GraphicsMagick coders/palm.c ReadPALMImage() Function PALM Image Handling Ove...

OpenVAS Exploits

id Description
2009-10-13 Name : Debian Security Advisory DSA 1903-1 (graphicsmagick)
File : nvt/deb_1903_1.nasl
2009-02-18 Name : GraphicsMagick Multiple Vulnerabilities (Linux)
File : nvt/gb_graphicsmagick_mult_vuln_lin.nasl
2009-02-18 Name : GraphicsMagick Multiple Vulnerabilities (Win)
File : nvt/gb_graphicsmagick_mult_vuln_win.nasl

Snort® IPS/IDS

Date Description
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39097 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39096 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39095 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39094 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39093 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39092 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39091 - Type : FILE-IMAGE - Revision : 2
2016-07-01 ImageMagick and GraphicsMagick OpenBlob command injection attempt
RuleID : 39090 - Type : FILE-IMAGE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4321.nasl - Type: ACT_GATHER_INFO
2018-08-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-1456.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO
2018-06-21 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_25f73c4768a84a309cbc1ca5eea4d6ba.nasl - Type: ACT_GATHER_INFO
2018-02-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1282.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-3a568adb31.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-8f27031c8f.nasl - Type: ACT_GATHER_INFO
2017-06-20 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1599-1.nasl - Type: ACT_GATHER_INFO
2017-06-16 Name: An application installed on the remote Windows host is affected by multiple v...
File: imagemagick_7_0_5_8.nasl - Type: ACT_GATHER_INFO
2017-06-15 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-686.nasl - Type: ACT_GATHER_INFO
2017-06-07 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1489-1.nasl - Type: ACT_GATHER_INFO
2017-05-31 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-3302-1.nasl - Type: ACT_GATHER_INFO
2017-05-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-960.nasl - Type: ACT_GATHER_INFO
2017-05-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-953.nasl - Type: ACT_GATHER_INFO
2017-05-26 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3863.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2016-1029.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-820.nasl - Type: ACT_GATHER_INFO
2017-04-03 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-411.nasl - Type: ACT_GATHER_INFO
2017-03-31 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-413.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-d2bab54ac9.nasl - Type: ACT_GATHER_INFO
2017-03-10 Name: The remote Fedora host is missing a security update.
File: fedora_2017-c71a0f40f0.nasl - Type: ACT_GATHER_INFO
2016-12-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3746.nasl - Type: ACT_GATHER_INFO
2016-12-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1430.nasl - Type: ACT_GATHER_INFO
2016-12-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2964-1.nasl - Type: ACT_GATHER_INFO
2016-11-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1282.nasl - Type: ACT_GATHER_INFO