Graphicsmagick Graphicsmagick

By the Year

In 2024 there have been 0 vulnerabilities in Graphicsmagick. Last year Graphicsmagick had 1 security vulnerability published. Right now, Graphicsmagick is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    1                  5.50
2022    1                  7.80
2021    0                  0.00
2020    3                  7.93
2019    14                 8.37
2018    7                  7.16

It may take a day or so for new Graphicsmagick vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Graphicsmagick Security Vulnerabilities

CVE-2020-21679 5.5 - Medium - August 22, 2023

Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.

Memory Corruption

CVE-2022-1270 7.8 - High - September 28, 2022

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.

Buffer Overflow

CVE-2020-12672 7.5 - High - May 06, 2020

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.

Memory Corruption

CVE-2020-10938 9.8 - Critical - March 24, 2020

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

Memory Corruption

CVE-2019-12921 6.5 - Medium - March 18, 2020

In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.

Command Injection

CVE-2019-19953 9.1 - Critical - December 24, 2019

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.

Out-of-bounds Read

CVE-2019-19951 9.8 - Critical - December 24, 2019

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.

Memory Corruption

CVE-2019-19950 9.8 - Critical - December 24, 2019

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.

Dangling pointer

CVE-2019-11506 8.8 - High - April 24, 2019

In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.

Memory Corruption

CVE-2019-11505 8.8 - High - April 24, 2019

In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.

Memory Corruption

CVE-2019-11474 6.5 - Medium - April 23, 2019

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Memory Corruption

CVE-2019-11473 6.5 - Medium - April 23, 2019

coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.

Out-of-bounds Read

CVE-2019-11010 6.5 - Medium - April 08, 2019

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

Memory Leak

CVE-2019-11009 8.1 - High - April 08, 2019

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.

Out-of-bounds Read

CVE-2019-11008 8.8 - High - April 08, 2019

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.

Memory Corruption

CVE-2019-11007 8.1 - High - April 08, 2019

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.

Out-of-bounds Read

CVE-2019-11006 9.1 - Critical - April 08, 2019

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.

Out-of-bounds Read

CVE-2019-11005 9.8 - Critical - April 08, 2019

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.

Memory Corruption

CVE-2019-7397 7.5 - High - February 05, 2019

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

Memory Leak

CVE-2018-20189 6.5 - Medium - December 17, 2018

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.

Improper Input Validation

CVE-2018-20184 6.5 - Medium - December 17, 2018

In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.

Memory Corruption

CVE-2018-18544 6.5 - Medium - October 21, 2018

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.

Missing Release of Resource after Effective Lifetime

CVE-2018-9018 6.5 - Medium - March 25, 2018

In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.

Divide By Zero

CVE-2018-6799 8.8 - High - February 07, 2018

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.

Buffer Overflow

CVE-2018-5685 6.5 - Medium - January 14, 2018

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.

Infinite Loop

CVE-2018-5360 8.8 - High - January 14, 2018

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

Out-of-bounds Read

CVE-2017-9098 7.5 - High - May 19, 2017

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Use of Uninitialized Resource

CVE-2016-5118 9.8 - Critical - June 10, 2016

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

CVE-2013-4589 - November 23, 2013

The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
