| ID | Alert* |
|---|---|
| oval:org.secpod.oval:def:53452 | The update of Graphicsmagick in DSA-4321-1 introduced a change in the handling of case-sensitivity in an internal API function which could affect some code built against the GraphicsMagick libraries. This update restores the previous behaviour. |
| oval:org.secpod.oval:def:605108 | graphicsmagick is installed |
| oval:org.secpod.oval:def:34317 | graphicsmagick is installed |
| oval:org.secpod.oval:def:107416 | GraphicsMagick is installed |
| oval:org.secpod.oval:def:1600462 | A possible heap overflow was discovered in the EscapeParenthesis function. Various issues were found in the processing of SVG files in GraphicsMagick. The TIFF reader had a bug pertaining to use of TIFFGetField when a "count" value is returned. The bug caused a heap read overflow which could allow ... |
| oval:org.secpod.oval:def:1800246 | graphicsmagick is installed |
| oval:org.secpod.oval:def:604835 | Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in information disclosure, denial of service or the execution of arbitrary code if malformed image files are processed. |
| oval:org.secpod.oval:def:107453 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:107466 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:107415 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.mitre.oval:def:12327 | GraphicsMagick is installed |
| oval:org.secpod.oval:def:111315 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:110180 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:111329 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1600135 | A buffer overflow flaw affecting ImageMagick and GraphicsMagick when handling PSD images was reported. |
| oval:org.secpod.oval:def:1901829 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a quoted font family value. |
| oval:org.secpod.oval:def:604787 | This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed. |
| oval:org.secpod.oval:def:62246 | This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed. |
| oval:org.secpod.oval:def:69962 | This update fixes several vulnerabilities in Graphicsmagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed. |
| oval:org.secpod.oval:def:110621 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:110617 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1600692 | The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file. The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial o ... |
| oval:org.secpod.oval:def:1600358 | An out-of-bounds read flaw was found in the parsing of GIF files using GraphicsMagick. |
| oval:org.secpod.oval:def:112130 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:602713 | Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tools, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based sh ... |
| oval:org.secpod.oval:def:1600420 | It was discovered that GraphicsMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using GraphicsMagick or an unsuspecting user using the GraphicsMagick utilities, would le ... |
| oval:org.secpod.oval:def:112159 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1901390 | GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage function in coders/png.c. |
| oval:org.secpod.oval:def:1600847 | Memory information disclosure in DescribeImage function in magick/describe.c. GraphicsMagick is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing th ... |
| oval:org.secpod.oval:def:1800247 | CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file. |
| oval:org.secpod.oval:def:1800245 | CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. |
| oval:org.secpod.oval:def:1800297 | CVE-2017-13775: GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. |
| oval:org.secpod.oval:def:1800266 | CVE-2017-13775: GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. |
| oval:org.secpod.oval:def:1800738 | CVE-2017-11642: GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. |
| oval:org.secpod.oval:def:2001623 | There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
| oval:org.secpod.oval:def:2004236 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
| oval:org.secpod.oval:def:94975 | graphicsmagick: collection of image processing tools. Several security issues were fixed in GraphicsMagick. |
| oval:org.secpod.oval:def:1900065 | In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function. Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. |
| oval:org.secpod.oval:def:1900179 | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service in ReadMATImage if the size specified for a MAT Object is larger than the actual amount of data. |
| oval:org.secpod.oval:def:1900742 | The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. |
| oval:org.secpod.oval:def:1900738 | The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and cons ... |
| oval:org.secpod.oval:def:1901065 | In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
| oval:org.secpod.oval:def:603548 | Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed. |
| oval:org.secpod.oval:def:53442 | Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in denial of service or the execution of arbitrary code if malformed image files are processed. |
| oval:org.secpod.oval:def:603558 | The update of Graphicsmagick in DSA-4321-1 introduced a change in the handling of case-sensitivity in an internal API function which could affect some code built against the GraphicsMagick libraries. This update restores the previous behaviour. |
| oval:org.secpod.oval:def:1901386 | The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. |
| oval:org.secpod.oval:def:1901403 | In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. |
| oval:org.secpod.oval:def:2001138 | In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
| oval:org.secpod.oval:def:2000218 | In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping, and therefore lacks indexes initialization. |
| oval:org.secpod.oval:def:1901813 | GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. |
| oval:org.secpod.oval:def:705303 | graphicsmagick: collection of image processing tools. Several security issues were fixed in GraphicsMagick. |
| oval:org.secpod.oval:def:1901825 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. |
| oval:org.secpod.oval:def:1901827 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. |
| oval:org.secpod.oval:def:1901826 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. |
| oval:org.secpod.oval:def:1901821 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. |
| oval:org.secpod.oval:def:1901820 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. |
| oval:org.secpod.oval:def:1901876 | In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. |
| oval:org.secpod.oval:def:1901875 | In GraphicsMagick 1.4 snapshot-20181209 Q8 there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specific ... |
| oval:org.secpod.oval:def:2000905 | In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specifi ... |
| oval:org.secpod.oval:def:1901869 | In GraphicsMagick 1.3.31 the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping, and therefore lacks indexes initialization. |
| oval:org.secpod.oval:def:34321 | ImageMagick allows to get content of the files from the server by using 'label' pseudo protocol. |
| oval:org.secpod.oval:def:34320 | ImageMagick allows to move image files to file with any extension in any folder by using 'msl' pseudo protocol. |
| oval:org.secpod.oval:def:34318 | ImageMagick allows to make HTTP GET or FTP request. |
| oval:org.secpod.oval:def:34319 | ImageMagick allows to delete files by using 'ephemeral' pseudo protocol which deletes files after reading. |
| oval:org.secpod.oval:def:34316 | ImageMagick allows to process files with external libraries. This feature is called 'delegate'. It is implemented as a system() with command string ('command') from the config file delegates.xml with actual value for different params (input/output filenames etc). Due to insufficient %M param filteri ... |
| oval:org.secpod.oval:def:1900862 | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. |
| oval:org.secpod.oval:def:1901555 | ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. |
| oval:org.secpod.oval:def:1900740 | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file. |
| oval:org.secpod.oval:def:705297 | graphicsmagick: collection of image processing tools. Several security issues were fixed in GraphicsMagick. |
| oval:org.secpod.oval:def:1900903 | coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. |
| oval:org.secpod.oval:def:1900748 | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage function in coders/pcl.c during writes of monochrome images. |
| oval:org.secpod.oval:def:1900865 | An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. |
| oval:org.secpod.oval:def:1900181 | When GraphicsMagick 1.3.25 processes a DPX image in coders/dpx.c, a denial of service can occur in ReadDPXImage. |
| oval:org.secpod.oval:def:1901151 | An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. |
| oval:org.secpod.oval:def:1900182 | When GraphicsMagick 1.3.25 processes an RGB libtiff-tools picture in coders/libtiff-tools.c, a buffer overflow occurs, related to QuantumTransferMode. |
| oval:org.secpod.oval:def:112619 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1901168 | ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. |
| oval:org.secpod.oval:def:1901566 | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. |
| oval:org.secpod.oval:def:1901163 | ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. |
| oval:org.secpod.oval:def:1901440 | The QuantumTransferMode function in coders/libtiff-tools.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file. |
| oval:org.secpod.oval:def:1900909 | An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. |
| oval:org.secpod.oval:def:1800450 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. |
| oval:org.secpod.oval:def:1800694 | CVE-2017-14314: Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted file. |
| oval:org.secpod.oval:def:1900200 | The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service during JNG reading via a zero-length color_image data structure. |
| oval:org.secpod.oval:def:1901251 | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIF ... |
| oval:org.secpod.oval:def:112920 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:112641 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1900963 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. |
| oval:org.secpod.oval:def:1900962 | The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service via crafted JPEG files. |
| oval:org.secpod.oval:def:1901490 | WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. |
| oval:org.secpod.oval:def:1800526 | CVE-2017-13065: GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. |
| oval:org.secpod.oval:def:113967 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:113969 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:112639 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1901384 | ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. |
| oval:org.secpod.oval:def:1901141 | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. |
| oval:org.secpod.oval:def:1900297 | In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. |
| oval:org.secpod.oval:def:1900856 | An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/libtiff-tools.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and til ... |
| oval:org.secpod.oval:def:1901548 | There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
| oval:org.secpod.oval:def:112590 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:1800356 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. |
| oval:org.secpod.oval:def:1900292 | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data someti ... |
| oval:org.secpod.oval:def:1900784 | In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. |
| oval:org.secpod.oval:def:1901477 | GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. |
| oval:org.secpod.oval:def:1901197 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. |
| oval:org.secpod.oval:def:1901351 | GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. |
| oval:org.secpod.oval:def:1901352 | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile informat ... |
| oval:org.secpod.oval:def:1900306 | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. |
| oval:org.secpod.oval:def:1900947 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/libtiff-tools.c, in which LocaleNCompare reads heap data beyond the allocated region. |
| oval:org.secpod.oval:def:1901518 | GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage function in coders/rgb.c when processing multiple frames that have non-identical widths. |
| oval:org.secpod.oval:def:1901479 | GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage function in coders/cmyk.c when processing multiple frames that have non-identical widths. |
| oval:org.secpod.oval:def:1901118 | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. |
| oval:org.secpod.oval:def:1901192 | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file. |
| oval:org.secpod.oval:def:1900260 | A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. |
| oval:org.secpod.oval:def:1901470 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. |
| oval:org.secpod.oval:def:1901194 | WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. |
| oval:org.secpod.oval:def:1900676 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. |
| oval:org.secpod.oval:def:1900679 | GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service because of an integer underflow in ReadPICTImage in coders/pict.c. |
| oval:org.secpod.oval:def:1900949 | ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. |
| oval:org.secpod.oval:def:1901054 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. |
| oval:org.secpod.oval:def:1901177 | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service. |
| oval:org.secpod.oval:def:1901452 | GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. |
| oval:org.secpod.oval:def:1901052 | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. |
| oval:org.secpod.oval:def:1600770 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. |
| oval:org.secpod.oval:def:1900895 | GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache files. |
| oval:org.secpod.oval:def:1901109 | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a malformed WPG image. |
| oval:org.secpod.oval:def:1901469 | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. |
| oval:org.secpod.oval:def:610282 | It was discovered that a buffer overflow in GraphicsMagick, a collection of image processing tools, could potentially result in the execution of arbitrary code when processing a malformed MIFF image. |
| oval:org.secpod.oval:def:3300859 | SUSE Security Update: Security update for GraphicsMagick |
| oval:org.secpod.oval:def:2000445 | There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
| oval:org.secpod.oval:def:2001506 | In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
| oval:org.secpod.oval:def:117666 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |
| oval:org.secpod.oval:def:117661 | GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by the GraphicsMagick Group to significantly improve the quality and performance of the software. |