Shodan
Vulnerabilities
Vulnerable Software
Graphicsmagick:  >> Graphicsmagick  Security Vulnerabilities
CVE-2018-5685
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-01-14
CVE-2018-5360
LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-01-14
CVE-2017-17912
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
CVSS Score
8.8
EPSS Score
0.009
Published
2017-12-27
CVE-2017-17913
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-12-27
CVE-2017-17915
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-12-27
CVE-2017-17782
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-12-20
CVE-2017-17783
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-12-20
CVE-2017-17498
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-12-11
CVE-2017-17500
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
CVSS Score
8.8
EPSS Score
0.023
Published
2017-12-11
CVE-2017-17501
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
CVSS Score
8.8
EPSS Score
0.023
Published
2017-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved