Graphicsmagick: >> Graphicsmagick >> 1.3.26 Security Vulnerabilities
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-07-26
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-07-18
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-07-10
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-07-10
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
CVSS Score
7.5
EPSS Score
0.02
Published
2017-07-07
Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information.
CVSS Score
7.8
EPSS Score
0.007
Published
2009-04-06
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
CVSS Score
9.3
EPSS Score
0.069
Published
2007-02-12
Page 7