Summary
| Detail | |||
|---|---|---|---|
| Vendor | Graphicsmagick | First view | 2012-08-07 |
| Product | Graphicsmagick | Last view | 2020-05-06 |
| Version | 1.3.16 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:graphicsmagick:graphicsmagick | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2020-05-06 | CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
| 9.8 | 2020-03-24 | CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
| 6.5 | 2020-03-18 | CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
| 8.8 | 2019-04-24 | CVE-2019-11505 | In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. |
| 6.5 | 2019-04-08 | CVE-2019-11010 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
| 8.1 | 2019-04-08 | CVE-2019-11009 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
| 8.8 | 2019-04-08 | CVE-2019-11008 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
| 8.1 | 2019-04-08 | CVE-2019-11007 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
| 9.1 | 2019-04-08 | CVE-2019-11006 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
| 9.8 | 2019-04-08 | CVE-2019-11005 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
| 7.5 | 2019-02-04 | CVE-2019-7397 | In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
| 6.5 | 2018-10-20 | CVE-2018-18544 | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
| 8.8 | 2018-02-07 | CVE-2018-6799 | The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. |
| 7.5 | 2017-05-19 | CVE-2017-9098 | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. |
| 5.5 | 2017-03-14 | CVE-2017-6335 | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. |
| 5.5 | 2017-02-27 | CVE-2016-5240 | The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. |
| 7.5 | 2017-02-06 | CVE-2016-7800 | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. |
| 7.5 | 2017-02-06 | CVE-2016-7448 | The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. |
| 9.8 | 2017-02-06 | CVE-2016-7447 | Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. |
| 5.5 | 2017-02-03 | CVE-2016-5241 | magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. |
| 7.5 | 2017-01-18 | CVE-2016-7997 | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. |
| 9.8 | 2017-01-18 | CVE-2016-7996 | Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. |
| 5.5 | 2016-07-13 | CVE-2015-8808 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. |
| 9.8 | 2016-06-10 | CVE-2016-5118 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. |
| 4.3 | 2013-11-23 | CVE-2013-4589 | The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 24% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20% (5) | CWE-787 | Out-of-bounds Write |
| 16% (4) | CWE-125 | Out-of-bounds Read |
| 8% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 4% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 4% (1) | CWE-476 | NULL Pointer Dereference |
| 4% (1) | CWE-399 | Resource Management Errors |
| 4% (1) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
| 4% (1) | CWE-190 | Integer Overflow or Wraparound |
| 4% (1) | CWE-189 | Numeric Errors |
| 4% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
| 4% (1) | CWE-20 | Improper Input Validation |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-10-16 | Name : Mandriva Update for graphicsmagick MDVSA-2012:165 (graphicsmagick) File : nvt/gb_mandriva_MDVSA_2012_165.nasl |
| 2012-09-26 | Name : FreeBSD Ports: ImageMagick, ImageMagick-nox11 File : nvt/freebsd_ImageMagick8.nasl |
| 2012-09-11 | Name : Fedora Update for GraphicsMagick FEDORA-2012-12352 File : nvt/gb_fedora_2012_12352_GraphicsMagick_fc17.nasl |
| 2012-09-11 | Name : Fedora Update for GraphicsMagick FEDORA-2012-12366 File : nvt/gb_fedora_2012_12366_GraphicsMagick_fc16.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39097 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39096 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39095 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39094 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39093 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39092 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39091 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39090 - Type : FILE-IMAGE - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-10-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4321.nasl - Type: ACT_GATHER_INFO |
| 2018-08-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-1456.nasl - Type: ACT_GATHER_INFO |
| 2018-06-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO |
| 2018-06-21 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_25f73c4768a84a309cbc1ca5eea4d6ba.nasl - Type: ACT_GATHER_INFO |
| 2018-02-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1282.nasl - Type: ACT_GATHER_INFO |
| 2017-09-20 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2017-3a568adb31.nasl - Type: ACT_GATHER_INFO |
| 2017-09-19 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2017-8f27031c8f.nasl - Type: ACT_GATHER_INFO |
| 2017-06-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1599-1.nasl - Type: ACT_GATHER_INFO |
| 2017-06-16 | Name: An application installed on the remote Windows host is affected by multiple v... File: imagemagick_7_0_5_8.nasl - Type: ACT_GATHER_INFO |
| 2017-06-15 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-686.nasl - Type: ACT_GATHER_INFO |
| 2017-06-07 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1489-1.nasl - Type: ACT_GATHER_INFO |
| 2017-05-31 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3302-1.nasl - Type: ACT_GATHER_INFO |
| 2017-05-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-960.nasl - Type: ACT_GATHER_INFO |
| 2017-05-30 | Name: The remote Debian host is missing a security update. File: debian_DLA-953.nasl - Type: ACT_GATHER_INFO |
| 2017-05-26 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3863.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1029.nasl - Type: ACT_GATHER_INFO |
| 2017-04-21 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2017-820.nasl - Type: ACT_GATHER_INFO |
| 2017-04-03 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-411.nasl - Type: ACT_GATHER_INFO |
| 2017-03-31 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-413.nasl - Type: ACT_GATHER_INFO |
| 2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-d2bab54ac9.nasl - Type: ACT_GATHER_INFO |
| 2017-03-10 | Name: The remote Fedora host is missing a security update. File: fedora_2017-c71a0f40f0.nasl - Type: ACT_GATHER_INFO |
| 2016-12-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3746.nasl - Type: ACT_GATHER_INFO |
| 2016-12-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1430.nasl - Type: ACT_GATHER_INFO |
| 2016-12-01 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2964-1.nasl - Type: ACT_GATHER_INFO |
| 2016-11-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1282.nasl - Type: ACT_GATHER_INFO |
