Graphicsmagick: >> Graphicsmagick >> 1.3.31 Security Vulnerabilities
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
CVSS Score
4.0
EPSS Score
0.003
Published
2025-04-09
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
CVSS Score
4.5
EPSS Score
0.001
Published
2025-03-07
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
CVSS Score
4.3
EPSS Score
0.003
Published
2025-03-07
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-05-06
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVSS Score
9.8
EPSS Score
0.029
Published
2020-03-24
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
CVSS Score
6.5
EPSS Score
0.065
Published
2020-03-18
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-04-24
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-04-24
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
CVSS Score
6.5
EPSS Score
0.03
Published
2019-04-23
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
CVSS Score
6.5
EPSS Score
0.013
Published
2019-04-23
Page 1