Summary
| Detail | |||
|---|---|---|---|
| Vendor | Graphicsmagick | First view | 2017-01-18 |
| Product | Graphicsmagick | Last view | 2020-05-06 |
| Version | 1.3.24 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:graphicsmagick:graphicsmagick | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2020-05-06 | CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
| 9.8 | 2020-03-24 | CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
| 6.5 | 2020-03-18 | CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
| 8.8 | 2019-04-24 | CVE-2019-11505 | In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. |
| 6.5 | 2019-04-08 | CVE-2019-11010 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
| 8.1 | 2019-04-08 | CVE-2019-11009 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
| 8.8 | 2019-04-08 | CVE-2019-11008 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
| 8.1 | 2019-04-08 | CVE-2019-11007 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
| 9.1 | 2019-04-08 | CVE-2019-11006 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
| 9.8 | 2019-04-08 | CVE-2019-11005 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
| 7.5 | 2019-02-04 | CVE-2019-7397 | In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
| 6.5 | 2018-10-20 | CVE-2018-18544 | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
| 8.8 | 2018-02-07 | CVE-2018-6799 | The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. |
| 5.5 | 2017-03-14 | CVE-2017-6335 | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. |
| 7.5 | 2017-02-06 | CVE-2016-7800 | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. |
| 7.5 | 2017-02-06 | CVE-2016-7449 | The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. |
| 7.5 | 2017-02-06 | CVE-2016-7448 | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. |
| 9.8 | 2017-02-06 | CVE-2016-7447 | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. |
| 9.8 | 2017-02-06 | CVE-2016-7446 | Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. |
| 7.5 | 2017-01-18 | CVE-2016-7997 | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. |
| 9.8 | 2017-01-18 | CVE-2016-7996 | Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (5) | CWE-125 | Out-of-bounds Read |
| 22% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 18% (4) | CWE-787 | Out-of-bounds Write |
| 9% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 4% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 4% (1) | CWE-476 | NULL Pointer Dereference |
| 4% (1) | CWE-399 | Resource Management Errors |
| 4% (1) | CWE-200 | Information Exposure |
| 4% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 4% (1) | CWE-190 | Integer Overflow or Wraparound |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-10-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4321.nasl - Type: ACT_GATHER_INFO |
| 2018-08-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-1456.nasl - Type: ACT_GATHER_INFO |
| 2018-06-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO |
| 2018-06-21 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_25f73c4768a84a309cbc1ca5eea4d6ba.nasl - Type: ACT_GATHER_INFO |
| 2018-02-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1282.nasl - Type: ACT_GATHER_INFO |
| 2017-04-21 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-820.nasl - Type: ACT_GATHER_INFO |
| 2017-04-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-411.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-413.nasl - Type: ACT_GATHER_INFO |
| 2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d2bab54ac9.nasl - Type: ACT_GATHER_INFO |
| 2017-03-10 | Name: The remote Fedora host is missing a security update. File: fedora_2017-c71a0f40f0.nasl - Type: ACT_GATHER_INFO |
| 2016-12-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3746.nasl - Type: ACT_GATHER_INFO |
| 2016-12-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1430.nasl - Type: ACT_GATHER_INFO |
| 2016-12-01 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2964-1.nasl - Type: ACT_GATHER_INFO |
| 2016-11-15 | Name: The remote Fedora host is missing a security update. File: fedora_2016-f7195d5e5a.nasl - Type: ACT_GATHER_INFO |
| 2016-11-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1282.nasl - Type: ACT_GATHER_INFO |
| 2016-10-31 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2667-1.nasl - Type: ACT_GATHER_INFO |
| 2016-10-31 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1242.nasl - Type: ACT_GATHER_INFO |
| 2016-10-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1230.nasl - Type: ACT_GATHER_INFO |
| 2016-10-27 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1229.nasl - Type: ACT_GATHER_INFO |
| 2016-10-27 | Name: The remote Debian host is missing a security update. File: debian_DLA-683.nasl - Type: ACT_GATHER_INFO |
| 2016-10-13 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-752.nasl - Type: ACT_GATHER_INFO |
| 2016-10-12 | Name: The remote Debian host is missing a security update. File: debian_DLA-651.nasl - Type: ACT_GATHER_INFO |
| 2016-09-19 | Name: The remote Fedora host is missing a security update. File: fedora_2016-390ec4a8f3.nasl - Type: ACT_GATHER_INFO |
| 2016-09-15 | Name: The remote Fedora host is missing a security update. File: fedora_2016-0bdf82500f.nasl - Type: ACT_GATHER_INFO |
