CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17500 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-17500
11 Dec 2017 — ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. ReadRGBImage en coders/rgb.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified i... • http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17501
https://notcve.org/view.php?id=CVE-2017-17501
11 Dec 2017 — WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. WriteOnePNGImage en coders/png.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17502
https://notcve.org/view.php?id=CVE-2017-17502
11 Dec 2017 — ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. ReadCMYKImage en coders/cmyk.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportCMYKQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17503
https://notcve.org/view.php?id=CVE-2017-17503
11 Dec 2017 — ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. ReadGRAYImage en coders/gray.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportGrayQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2017-16669
https://notcve.org/view.php?id=CVE-2017-16669
09 Nov 2017 — coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. coders/wpg.c en GraphicsMagick 7.0.6 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de aplicación) o, probablemente, causen cualquier otro tip... • http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16547
https://notcve.org/view.php?id=CVE-2017-16547
06 Nov 2017 — The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en magick/render.c en GraphicsMagick 1.3.26 no busca correctamente palabras clave pop que estén asociadas a palabras clave push, lo que permite que atacantes remotos provoquen una de... • http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16545 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-16545
05 Nov 2017 — The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. La función ReadWPGImage en coders/wpg.c en GraphicsMagick 1.3.26 no valida correctamente las imágenes cuyos colores corresponden a un mapa de color, lo que permite que atacantes remotos provoquen una denegació... • http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 30%CPEs: 4EXPL: 3CVE-2017-16352 – GraphicsMagick - Memory Disclosure / Heap Overflow
https://notcve.org/view.php?id=CVE-2017-16352
01 Nov 2017 — GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. GraphicsMagick 1.3.26 es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) que se ha encontrado en la característica "Display visual image directory"... • https://packetstorm.news/files/id/144878 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 35%CPEs: 4EXPL: 3CVE-2017-16353 – GraphicsMagick - Memory Disclosure / Heap Overflow
https://notcve.org/view.php?id=CVE-2017-16353
01 Nov 2017 — GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. GraphicsMagick 1.3.26... • https://packetstorm.news/files/id/144878 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15930 – Ubuntu Security Notice USN-4232-1
https://notcve.org/view.php?id=CVE-2017-15930
27 Oct 2017 — In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. En ReadOneJNGImage en coders/png.c en GraphicsMagick 1.3.26, ocurre una desreferencia de puntero NULL cuando se transfieren scanlines JPEG. Esta vulnerabilidad está relacionada con un puntero PixelPacket. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of s... • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=6fc54b6d2be8 • CWE-476: NULL Pointer Dereference •