Shodan
Vulnerabilities
Vulnerable Software
Graphicsmagick:  >> Graphicsmagick  Security Vulnerabilities
CVE-2017-9098
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-05-19
CVE-2017-6335
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-14
CVE-2016-9830
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
CVSS Score
5.5
EPSS Score
0.006
Published
2017-03-01
CVE-2016-5240
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
CVSS Score
5.5
EPSS Score
0.006
Published
2017-02-27
CVE-2016-8682
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
CVSS Score
7.5
EPSS Score
0.018
Published
2017-02-15
CVE-2016-8683
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
CVSS Score
7.8
EPSS Score
0.003
Published
2017-02-15
CVE-2016-8684
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
CVSS Score
7.8
EPSS Score
0.014
Published
2017-02-15
CVE-2016-7446
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
CVSS Score
9.8
EPSS Score
0.02
Published
2017-02-06
CVE-2016-7447
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.02
Published
2017-02-06
CVE-2016-7448
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVSS Score
7.5
EPSS Score
0.042
Published
2017-02-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved