Search for packages
| purl | pkg:deb/ubuntu/graphicsmagick@1.3.26-12 |
| Next non-vulnerable version | 1.4+really1.3.34+hg16181-1 |
| Latest non-vulnerable version | 1.4+really1.3.34+hg16181-1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13t8-37w3-aaaa
Aliases: CVE-2019-11473 |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
Affected by 5 other vulnerabilities. |
|
VCID-197v-9kuz-aaak
Aliases: CVE-2017-17912 |
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. |
Affected by 26 other vulnerabilities. |
|
VCID-1r5a-fted-aaar
Aliases: CVE-2017-16353 |
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. |
Affected by 40 other vulnerabilities. |
|
VCID-32as-dj1z-aaae
Aliases: CVE-2019-11007 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
Affected by 9 other vulnerabilities. |
|
VCID-35aj-7w7n-aaar
Aliases: CVE-2018-20189 |
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. |
Affected by 15 other vulnerabilities. |
|
VCID-3gx5-m3je-aaan
Aliases: CVE-2017-18231 |
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. |
Affected by 20 other vulnerabilities. |
|
VCID-4272-5r37-aaac
Aliases: CVE-2018-5685 |
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. |
Affected by 25 other vulnerabilities. |
|
VCID-54uk-rmny-aaad
Aliases: CVE-2017-15277 |
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. |
Affected by 44 other vulnerabilities. |
|
VCID-57py-peab-aaab
Aliases: CVE-2019-19951 |
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. |
Affected by 2 other vulnerabilities. |
|
VCID-6zsf-bavv-aaar
Aliases: CVE-2017-13737 |
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
Affected by 43 other vulnerabilities. |
|
VCID-8mmf-cnre-aaap
Aliases: CVE-2017-18219 |
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. |
Affected by 20 other vulnerabilities. |
|
VCID-a38q-1c3x-aaab
Aliases: CVE-2019-11006 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
Affected by 9 other vulnerabilities. |
|
VCID-a7dc-cxyq-aaac
Aliases: CVE-2017-14997 |
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. |
Affected by 46 other vulnerabilities. |
|
VCID-c6nh-z2ta-aaam
Aliases: CVE-2017-15238 |
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. |
Affected by 44 other vulnerabilities. |
|
VCID-ce4k-8v67-aaad
Aliases: CVE-2017-17783 |
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. |
Affected by 29 other vulnerabilities. |
|
VCID-cstx-zz61-aaac
Aliases: CVE-2019-19950 |
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. |
Affected by 2 other vulnerabilities. |
|
VCID-cucv-29sj-aaaa
Aliases: CVE-2017-17502 |
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. |
Affected by 31 other vulnerabilities. |
|
VCID-dkxy-zuws-aaac
Aliases: CVE-2017-14733 |
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. |
Affected by 46 other vulnerabilities. |
|
VCID-en4r-ay1n-aaaq
Aliases: CVE-2017-13134 |
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. |
Affected by 36 other vulnerabilities. |
|
VCID-epaa-mnx2-aaaa
Aliases: CVE-2018-20184 |
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. |
Affected by 15 other vulnerabilities. |
|
VCID-fq1c-u7he-aaaq
Aliases: CVE-2019-11009 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
Affected by 9 other vulnerabilities. |
|
VCID-heje-u42k-aaab
Aliases: CVE-2019-11474 |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
Affected by 5 other vulnerabilities. |
|
VCID-hpsb-n11g-aaam
Aliases: CVE-2017-14994 |
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. |
Affected by 46 other vulnerabilities. |
|
VCID-j5d3-fc4u-aaad
Aliases: CVE-2019-11506 |
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. |
Affected by 5 other vulnerabilities. |
|
VCID-jca6-a2hb-aaad
Aliases: CVE-2017-18230 |
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. |
Affected by 20 other vulnerabilities. |
|
VCID-jj1p-wyuw-aaab
Aliases: CVE-2017-13066 |
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. |
Affected by 18 other vulnerabilities. |
|
VCID-k9rj-3gde-aaaj
Aliases: CVE-2017-17500 |
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. |
Affected by 31 other vulnerabilities. |
|
VCID-key9-73sa-aaar
Aliases: CVE-2019-11008 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
Affected by 9 other vulnerabilities. |
|
VCID-kp51-twdw-aaaa
Aliases: CVE-2017-16669 |
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. |
Affected by 36 other vulnerabilities. |
|
VCID-mqm5-6qzb-aaaa
Aliases: CVE-2020-10938 |
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
Affected by 0 other vulnerabilities. |
|
VCID-mv6h-78vn-aaab
Aliases: CVE-2019-11010 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
Affected by 9 other vulnerabilities. |
|
VCID-n35h-bnx1-aaaa
Aliases: CVE-2019-11505 |
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. |
Affected by 5 other vulnerabilities. |
|
VCID-nq35-me8d-aaab
Aliases: CVE-2017-15930 |
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. |
Affected by 42 other vulnerabilities. |
|
VCID-q196-d43v-aaab
Aliases: CVE-2017-17501 |
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. |
Affected by 31 other vulnerabilities. |
|
VCID-rv49-gcpf-aaaj
Aliases: CVE-2017-18229 |
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. |
Affected by 20 other vulnerabilities. |
|
VCID-sc3u-6tgj-aaac
Aliases: CVE-2017-17498 |
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 31 other vulnerabilities. |
|
VCID-sgq8-t27e-aaaj
Aliases: CVE-2018-20185 |
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
Affected by 15 other vulnerabilities. |
|
VCID-srwj-emry-aaam
Aliases: CVE-2017-16547 |
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. |
Affected by 38 other vulnerabilities. |
|
VCID-t66a-1ub4-aaac
Aliases: CVE-2017-17503 |
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. |
Affected by 31 other vulnerabilities. |
|
VCID-tp1k-98ce-aaah
Aliases: CVE-2018-6799 |
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. |
Affected by 20 other vulnerabilities. |
|
VCID-tykx-gzfz-aaag
Aliases: CVE-2019-11005 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
Affected by 9 other vulnerabilities. |
|
VCID-vuys-byjr-aaaa
Aliases: CVE-2017-17913 |
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. |
Affected by 26 other vulnerabilities. |
|
VCID-w82e-2fr6-aaap
Aliases: CVE-2019-19953 |
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
Affected by 0 other vulnerabilities. |
|
VCID-xamc-1unn-aaac
Aliases: CVE-2017-16545 |
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. |
Affected by 38 other vulnerabilities. |
|
VCID-xavw-wca6-aaas
Aliases: CVE-2017-17915 |
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. |
Affected by 26 other vulnerabilities. |
|
VCID-xgs6-s7vw-aaas
Aliases: CVE-2017-16352 |
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. |
Affected by 40 other vulnerabilities. |
|
VCID-xx8k-pq1r-aaam
Aliases: CVE-2018-9018 |
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
Affected by 18 other vulnerabilities. |
|
VCID-yrkg-jnc8-aaaq
Aliases: CVE-2017-17782 |
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. |
Affected by 29 other vulnerabilities. |
|
VCID-ys7z-wtkj-aaaf
Aliases: CVE-2019-12921 |
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-wvz2-nfse-aaak | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). |
CVE-2017-14649
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|