graphicsmagick

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Image processing system
Version 1.3.31-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-355 1.3.26-3 1.3.27-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-16547 AVG-355 Medium Yes Denial of service
The DrawImage function in magick/render.c in GraphicsMagick before 1.3.27 does not properly look for pop keywords that are associated with push keywords,...
CVE-2017-15930 AVG-355 Medium Yes Denial of service
In ReadOneJNGImage in coders/png.c in GraphicsMagick before 1.3.27, a null pointer dereference occurs while transferring JPEG scanlines, related to a...
CVE-2017-14165 AVG-355 Medium Yes Denial of service
The ReadSUNImage function in coders/sun.c in GraphicsMagick before 1.3.27 has an issue where memory allocation is excessive because it depends only on a...
CVE-2017-13777 AVG-355 Medium Yes Denial of service
GraphicsMagick before 1.3.27 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the...
CVE-2017-13776 AVG-355 Medium Yes Denial of service
GraphicsMagick before 1.3.27 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the...
CVE-2017-13134 AVG-355 Medium Yes Denial of service
In ImageMagick 6.9.9.1, 7.0.6.7 and GraphicsMagick before 1.3.27, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which...
CVE-2017-13066 AVG-355 Medium Yes Denial of service
A memory leak vulnerability was found in function CloneImage in magick/image.c in GraphicsMagick before 1.3.27, which allow attackers to cause a denial of...
CVE-2017-13065 AVG-355 Medium Yes Denial of service
A null pointer dereference vulnerability was found in function SVGStartElement in GraphicsMagick before 1.3.27, which allow attackers to cause a denial of...
CVE-2017-13064 AVG-355 High Yes Arbitrary code execution
A heap buffer overflow vulnerability was found in function GetStyleTokens in GraphicsMagick before 1.3.27, which allow attackers to cause a denial of...
CVE-2017-13063 AVG-355 High Yes Arbitrary code execution
A heap buffer overflow vulnerability was found in the function GetStyleTokens in GraphicsMagick before 1.3.27, which allow attackers to cause a denial of...
CVE-2017-12937 AVG-355 High Yes Arbitrary code execution
The ReadSUNImage function in coders/sun.c in GraphicsMagick before 1.3.27 has a colormap heap-based buffer over-read.
CVE-2017-12936 AVG-355 High Yes Arbitrary code execution
The ReadWMFImage function in coders/wmf.c in GraphicsMagick before 1.3.27 has a use-after-free issue for data associated with exception reporting.
CVE-2017-12935 AVG-355 High Yes Arbitrary code execution
The ReadMNGImage function in coders/png.c in GraphicsMagick before 1.3.27 mishandles large MNG images, leading to an invalid memory read in the...
CVE-2017-11403 AVG-355 High Yes Arbitrary code execution
The ReadMNGImage function in coders/png.c in GraphicsMagick before 1.3.27 has an out-of-order CloseBlob call, resulting in a use-after- free via a crafted file.

Advisories

Date Advisory Group Severity Description
08 Jan 2018 ASA-201801-7 AVG-355 High multiple issues