CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17502
https://notcve.org/view.php?id=CVE-2017-17502
11 Dec 2017 — ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. ReadCMYKImage en coders/cmyk.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportCMYKQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17503
https://notcve.org/view.php?id=CVE-2017-17503
11 Dec 2017 — ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. ReadGRAYImage en coders/gray.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportGrayQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2017-16669
https://notcve.org/view.php?id=CVE-2017-16669
09 Nov 2017 — coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. coders/wpg.c en GraphicsMagick 7.0.6 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de aplicación) o, probablemente, causen cualquier otro tip... • http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16547
https://notcve.org/view.php?id=CVE-2017-16547
06 Nov 2017 — The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en magick/render.c en GraphicsMagick 1.3.26 no busca correctamente palabras clave pop que estén asociadas a palabras clave push, lo que permite que atacantes remotos provoquen una de... • http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16545 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-16545
05 Nov 2017 — The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. La función ReadWPGImage en coders/wpg.c en GraphicsMagick 1.3.26 no valida correctamente las imágenes cuyos colores corresponden a un mapa de color, lo que permite que atacantes remotos provoquen una denegació... • http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 30%CPEs: 4EXPL: 3CVE-2017-16352 – GraphicsMagick - Memory Disclosure / Heap Overflow
https://notcve.org/view.php?id=CVE-2017-16352
01 Nov 2017 — GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. GraphicsMagick 1.3.26 es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) que se ha encontrado en la característica "Display visual image directory"... • https://packetstorm.news/files/id/144878 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 35%CPEs: 4EXPL: 3CVE-2017-16353 – GraphicsMagick - Memory Disclosure / Heap Overflow
https://notcve.org/view.php?id=CVE-2017-16353
01 Nov 2017 — GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. GraphicsMagick 1.3.26... • https://packetstorm.news/files/id/144878 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15930 – Ubuntu Security Notice USN-4232-1
https://notcve.org/view.php?id=CVE-2017-15930
27 Oct 2017 — In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. En ReadOneJNGImage en coders/png.c en GraphicsMagick 1.3.26, ocurre una desreferencia de puntero NULL cuando se transfieren scanlines JPEG. Esta vulnerabilidad está relacionada con un puntero PixelPacket. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of s... • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=6fc54b6d2be8 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 51%CPEs: 2EXPL: 2CVE-2017-15277 – Debian Security Advisory 4032-1
https://notcve.org/view.php?id=CVE-2017-15277
12 Oct 2017 — ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. ReadGIFImage en coders/gif.c en ImageMagick 7.0.6-1 y GraphicsMagick 1.3.26 deja sin inicializar la paleta cuando se procesa un archivo GIF que no tiene ni una pa... • https://github.com/hexrom/ImageMagick-CVE-2017-15277 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15238
https://notcve.org/view.php?id=CVE-2017-15238
11 Oct 2017 — ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. ReadOneJNGImage en coders/png.c en GraphicsMagick 1.3.26 tiene un problema de uso de memoria previamente liberada cuando el ancho o el alto es cero, relacionado con ReadJNGImage. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=93bdb9b30076 • CWE-416: Use After Free •