Summary
Detail | |||
---|---|---|---|
Vendor | Graphicsmagick | First view | 2005-04-25 |
Product | Graphicsmagick | Last view | 2023-08-22 |
Version | | Type | |
Update | |||
Edition | |||
Language | |||
Software Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
5.5 | 2023-08-22 | CVE-2020-21679 | Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. |
7.8 | 2022-09-28 | CVE-2022-1270 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. |
7.5 | 2020-05-06 | CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
9.8 | 2020-03-24 | CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
6.5 | 2020-03-18 | CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
9.1 | 2019-12-24 | CVE-2019-19953 | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
9.8 | 2019-12-24 | CVE-2019-19951 | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. |
9.8 | 2019-12-24 | CVE-2019-19950 | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. |
8.8 | 2019-04-24 | CVE-2019-11506 | In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. |
8.8 | 2019-04-24 | CVE-2019-11505 | In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. |
6.5 | 2019-04-23 | CVE-2019-11474 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
6.5 | 2019-04-23 | CVE-2019-11473 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
6.5 | 2019-04-08 | CVE-2019-11010 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
8.1 | 2019-04-08 | CVE-2019-11009 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
8.8 | 2019-04-08 | CVE-2019-11008 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
8.1 | 2019-04-08 | CVE-2019-11007 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
9.1 | 2019-04-08 | CVE-2019-11006 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
9.8 | 2019-04-08 | CVE-2019-11005 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
7.5 | 2019-02-04 | CVE-2019-7397 | In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
6.5 | 2018-12-17 | CVE-2018-20189 | In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. |
5.3 | 2018-12-17 | CVE-2018-20185 | In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
6.5 | 2018-12-17 | CVE-2018-20184 | In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. |
6.5 | 2018-10-20 | CVE-2018-18544 | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
6.5 | 2018-03-25 | CVE-2018-9018 | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
6.5 | 2018-03-13 | CVE-2017-18231 | An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
22% (25) | CWE-125 | Out-of-bounds Read |
21% (24) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10% (11) | CWE-476 | NULL Pointer Dereference |
9% (10) | CWE-787 | Out-of-bounds Write |
6% (7) | CWE-416 | Use After Free |
6% (7) | CWE-20 | Improper Input Validation |
4% (5) | CWE-772 | Missing Release of Resource after Effective Lifetime |
2% (3) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
1% (2) | CWE-770 | Allocation of Resources Without Limits or Throttling |
1% (2) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
1% (2) | CWE-399 | Resource Management Errors |
1% (2) | CWE-200 | Information Exposure |
1% (2) | CWE-191 | Integer Underflow (Wrap or Wraparound) |
0% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
0% (1) | CWE-682 | Incorrect Calculation |
0% (1) | CWE-617 | Reachable Assertion |
0% (1) | CWE-415 | Double Free |
0% (1) | CWE-369 | Divide By Zero |
0% (1) | CWE-190 | Integer Overflow or Wraparound |
0% (1) | CWE-189 | Numeric Errors |
0% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:9925 | Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as... |
oval:org.mitre.oval:def:711 | ImageMagick Buffer Overflow in ReadPNMImage() |
oval:org.mitre.oval:def:10003 | Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMag... |
oval:org.mitre.oval:def:960 | Magick XWD Decoder DoS |
oval:org.mitre.oval:def:11667 | The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.... |
oval:org.mitre.oval:def:9765 | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.... |
oval:org.mitre.oval:def:25972 | SUSE-SU-2013:0757-1 -- Security update for ImageMagick |
oval:org.mitre.oval:def:25925 | SUSE-SU-2013:0756-1 -- Security update for ImageMagick |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
46633 | GraphicsMagick Multiple Decoders Unspecified DoS |
46632 | GraphicsMagick GetImageCharacteristics() Function File Comment Handling DoS |
46258 | GraphicsMagick DPX Image Handling Unspecified DoS |
46257 | GraphicsMagick CINEON Image Handling Unspecified DoS |
46256 | GraphicsMagick XCF Image Handling Unspecified DoS |
46255 | GraphicsMagick coders/pict.c DecodeImage() Function PICT Image Handling Overflow |
46254 | GraphicsMagick coders/palm.c ReadPALMImage() Function PALM Image Handling Ove... |
31911 | ImageMagick coders/palm.c ReadPALMImage Overflow |
29990 | ImageMagick ReadPALMImage Function Overflow |
29989 | ImageMagick coders/dcm.c Unspecified Overflow |
16775 | GraphicsMagick XWD Color Mask Decoding DoS |
16774 | ImageMagick XWD Color Mask Decoding DoS |
15891 | ImageMagick ReadPNMImage() PNM Image Decoding Overflow DoS |
13028 | ImageMagick PSD Image Decoding Module Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-16 | Name : Mandriva Update for graphicsmagick MDVSA-2012:165 (graphicsmagick) File : nvt/gb_mandriva_MDVSA_2012_165.nasl |
2012-09-26 | Name : FreeBSD Ports: ImageMagick, ImageMagick-nox11 File : nvt/freebsd_ImageMagick8.nasl |
2012-09-11 | Name : Fedora Update for GraphicsMagick FEDORA-2012-12352 File : nvt/gb_fedora_2012_12352_GraphicsMagick_fc17.nasl |
2012-09-11 | Name : Fedora Update for GraphicsMagick FEDORA-2012-12366 File : nvt/gb_fedora_2012_12366_GraphicsMagick_fc16.nasl |
2009-10-13 | Name : Debian Security Advisory DSA 1903-1 (graphicsmagick) File : nvt/deb_1903_1.nasl |
2009-04-09 | Name : Mandriva Update for ImageMagick MDKSA-2007:041 (ImageMagick) File : nvt/gb_mandriva_MDKSA_2007_041.nasl |
2009-03-23 | Name : Ubuntu Update for imagemagick vulnerabilities USN-422-1 File : nvt/gb_ubuntu_USN_422_1.nasl |
2009-02-27 | Name : Fedora Update for GraphicsMagick FEDORA-2007-1340 File : nvt/gb_fedora_2007_1340_GraphicsMagick_fc7.nasl |
2009-02-27 | Name : Fedora Update for ImageMagick FEDORA-2007-414 File : nvt/gb_fedora_2007_414_ImageMagick_fc5.nasl |
2009-02-18 | Name : GraphicsMagick Multiple Vulnerabilities (Linux) File : nvt/gb_graphicsmagick_mult_vuln_lin.nasl |
2009-02-18 | Name : GraphicsMagick Multiple Vulnerabilities (Win) File : nvt/gb_graphicsmagick_mult_vuln_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-19 (imagemagick) File : nvt/glsa_200611_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-07 (graphicsmagick) File : nvt/glsa_200611_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-16 (ImageMagick) File : nvt/glsa_200505_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-37 (GraphicsMagick) File : nvt/glsa_200501_37.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-26 (imagemagick) File : nvt/glsa_200501_26.nasl |
2008-09-04 | Name : FreeBSD Ports: ImageMagick File : nvt/freebsd_ImageMagick4.nasl |
2008-09-04 | Name : FreeBSD Ports: ImageMagick File : nvt/freebsd_ImageMagick0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 646-1 (imagemagick) File : nvt/deb_646_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1260-1 (imagemagick) File : nvt/deb_1260_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1213-1 (imagemagick) File : nvt/deb_1213_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-066-06 imagemagick File : nvt/esoft_slk_ssa_2007_066_06.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-12 | GraphicsMagick WMF use after free attempt RuleID : 50986 - Type : FILE-IMAGE - Revision : 2 |
2019-09-12 | GraphicsMagick WMF use after free attempt RuleID : 50985 - Type : FILE-IMAGE - Revision : 2 |
2017-10-10 | Real-DRAW PRO malformed PNG denial of service attempt RuleID : 44286 - Type : FILE-IMAGE - Revision : 3 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39097 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39096 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39095 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39094 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39093 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39092 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39091 - Type : FILE-IMAGE - Revision : 2 |
2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39090 - Type : FILE-IMAGE - Revision : 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-12-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1619.nasl - Type: ACT_GATHER_INFO |
2018-10-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4321.nasl - Type: ACT_GATHER_INFO |
2018-08-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e714b7d239f649929f48e6b2f5f949df.nasl - Type: ACT_GATHER_INFO |
2018-08-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-1456.nasl - Type: ACT_GATHER_INFO |
2018-06-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO |
2018-06-21 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_25f73c4768a84a309cbc1ca5eea4d6ba.nasl - Type: ACT_GATHER_INFO |
2018-03-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-1322.nasl - Type: ACT_GATHER_INFO |
2018-03-09 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-966.nasl - Type: ACT_GATHER_INFO |
2018-02-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1282.nasl - Type: ACT_GATHER_INFO |
2018-02-01 | Name: The remote Fedora host is missing a security update. File: fedora_2018-7c61d08c4f.nasl - Type: ACT_GATHER_INFO |
2018-02-01 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bfb9835edd.nasl - Type: ACT_GATHER_INFO |
2018-01-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1245.nasl - Type: ACT_GATHER_INFO |
2018-01-09 | Name: The remote Debian host is missing a security update. File: debian_DLA-1231.nasl - Type: ACT_GATHER_INFO |
2017-12-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1386.nasl - Type: ACT_GATHER_INFO |
2017-12-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1346.nasl - Type: ACT_GATHER_INFO |
2017-12-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1362.nasl - Type: ACT_GATHER_INFO |
2017-11-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4040.nasl - Type: ACT_GATHER_INFO |
2017-11-16 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1276.nasl - Type: ACT_GATHER_INFO |
2017-11-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1170.nasl - Type: ACT_GATHER_INFO |
2017-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1168.nasl - Type: ACT_GATHER_INFO |
2017-11-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4032.nasl - Type: ACT_GATHER_INFO |
2017-11-06 | Name: The remote Debian host is missing a security update. File: debian_DLA-1159.nasl - Type: ACT_GATHER_INFO |
2017-11-02 | Name: The remote Debian host is missing a security update. File: debian_DLA-1154.nasl - Type: ACT_GATHER_INFO |
2017-10-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1199.nasl - Type: ACT_GATHER_INFO |
2017-10-20 | Name: The remote Debian host is missing a security update. File: debian_DLA-1139.nasl - Type: ACT_GATHER_INFO |