CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17498
https://notcve.org/view.php?id=CVE-2017-17498
11 Dec 2017 — WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. WritePNMImage en coders/pnm.c en GraphicsMagick 1.3.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap en bit_stream.c MagickBitStreamMSBWrite y cierre inesperado de la aplicac... • http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17500 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-17500
11 Dec 2017 — ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. ReadRGBImage en coders/rgb.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified i... • http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17501
https://notcve.org/view.php?id=CVE-2017-17501
11 Dec 2017 — WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. WriteOnePNGImage en coders/png.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17502
https://notcve.org/view.php?id=CVE-2017-17502
11 Dec 2017 — ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. ReadCMYKImage en coders/cmyk.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportCMYKQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17503
https://notcve.org/view.php?id=CVE-2017-17503
11 Dec 2017 — ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. ReadGRAYImage en coders/gray.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportGrayQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2017-16669
https://notcve.org/view.php?id=CVE-2017-16669
09 Nov 2017 — coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. coders/wpg.c en GraphicsMagick 7.0.6 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de aplicación) o, probablemente, causen cualquier otro tip... • http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16547
https://notcve.org/view.php?id=CVE-2017-16547
06 Nov 2017 — The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en magick/render.c en GraphicsMagick 1.3.26 no busca correctamente palabras clave pop que estén asociadas a palabras clave push, lo que permite que atacantes remotos provoquen una de... • http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16545 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-16545
05 Nov 2017 — The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. La función ReadWPGImage en coders/wpg.c en GraphicsMagick 1.3.26 no valida correctamente las imágenes cuyos colores corresponden a un mapa de color, lo que permite que atacantes remotos provoquen una denegació... • http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 30%CPEs: 4EXPL: 3CVE-2017-16352 – GraphicsMagick - Memory Disclosure / Heap Overflow
https://notcve.org/view.php?id=CVE-2017-16352
01 Nov 2017 — GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. GraphicsMagick 1.3.26 es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) que se ha encontrado en la característica "Display visual image directory"... • https://packetstorm.news/files/id/144878 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 35%CPEs: 4EXPL: 3CVE-2017-16353 – GraphicsMagick - Memory Disclosure / Heap Overflow
https://notcve.org/view.php?id=CVE-2017-16353
01 Nov 2017 — GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. GraphicsMagick 1.3.26... • https://packetstorm.news/files/id/144878 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •