Search for packages
| purl | pkg:deb/ubuntu/graphicsmagick@1.3.27-3 |
| Next non-vulnerable version | 1.4+really1.3.34+hg16181-1 |
| Latest non-vulnerable version | 1.4+really1.3.34+hg16181-1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-13t8-37w3-aaaa
Aliases: CVE-2019-11473 |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
Affected by 5 other vulnerabilities. |
|
VCID-32as-dj1z-aaae
Aliases: CVE-2019-11007 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
Affected by 9 other vulnerabilities. |
|
VCID-35aj-7w7n-aaar
Aliases: CVE-2018-20189 |
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. |
Affected by 15 other vulnerabilities. |
|
VCID-3gx5-m3je-aaan
Aliases: CVE-2017-18231 |
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. |
Affected by 20 other vulnerabilities. |
|
VCID-4272-5r37-aaac
Aliases: CVE-2018-5685 |
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. |
Affected by 25 other vulnerabilities. |
|
VCID-57py-peab-aaab
Aliases: CVE-2019-19951 |
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. |
Affected by 2 other vulnerabilities. |
|
VCID-8mmf-cnre-aaap
Aliases: CVE-2017-18219 |
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. |
Affected by 20 other vulnerabilities. |
|
VCID-a38q-1c3x-aaab
Aliases: CVE-2019-11006 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
Affected by 9 other vulnerabilities. |
|
VCID-cstx-zz61-aaac
Aliases: CVE-2019-19950 |
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. |
Affected by 2 other vulnerabilities. |
|
VCID-epaa-mnx2-aaaa
Aliases: CVE-2018-20184 |
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. |
Affected by 15 other vulnerabilities. |
|
VCID-fq1c-u7he-aaaq
Aliases: CVE-2019-11009 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
Affected by 9 other vulnerabilities. |
|
VCID-heje-u42k-aaab
Aliases: CVE-2019-11474 |
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. |
Affected by 5 other vulnerabilities. |
|
VCID-j5d3-fc4u-aaad
Aliases: CVE-2019-11506 |
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. |
Affected by 5 other vulnerabilities. |
|
VCID-jca6-a2hb-aaad
Aliases: CVE-2017-18230 |
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. |
Affected by 20 other vulnerabilities. |
|
VCID-jj1p-wyuw-aaab
Aliases: CVE-2017-13066 |
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. |
Affected by 18 other vulnerabilities. |
|
VCID-key9-73sa-aaar
Aliases: CVE-2019-11008 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. |
Affected by 9 other vulnerabilities. |
|
VCID-mqm5-6qzb-aaaa
Aliases: CVE-2020-10938 |
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
Affected by 0 other vulnerabilities. |
|
VCID-mv6h-78vn-aaab
Aliases: CVE-2019-11010 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
Affected by 9 other vulnerabilities. |
|
VCID-n35h-bnx1-aaaa
Aliases: CVE-2019-11505 |
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. |
Affected by 5 other vulnerabilities. |
|
VCID-rv49-gcpf-aaaj
Aliases: CVE-2017-18229 |
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. |
Affected by 20 other vulnerabilities. |
|
VCID-sgq8-t27e-aaaj
Aliases: CVE-2018-20185 |
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
Affected by 15 other vulnerabilities. |
|
VCID-tp1k-98ce-aaah
Aliases: CVE-2018-6799 |
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. |
Affected by 20 other vulnerabilities. |
|
VCID-tykx-gzfz-aaag
Aliases: CVE-2019-11005 |
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. |
Affected by 9 other vulnerabilities. |
|
VCID-w82e-2fr6-aaap
Aliases: CVE-2019-19953 |
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. |
Affected by 0 other vulnerabilities. |
|
VCID-xx8k-pq1r-aaam
Aliases: CVE-2018-9018 |
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
Affected by 18 other vulnerabilities. |
|
VCID-ys7z-wtkj-aaaf
Aliases: CVE-2019-12921 |
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-197v-9kuz-aaak | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. |
CVE-2017-17912
|
| VCID-vuys-byjr-aaaa | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. |
CVE-2017-17913
|
| VCID-xavw-wca6-aaas | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. |
CVE-2017-17915
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|