CVE-2020-21679
https://notcve.org/view.php?id=CVE-2020-21679
A buffer overflow vulnerability in the WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service by converting a crafted image file to PCX format. • https://sourceforge.net/p/graphicsmagick/bugs/619 • CWE-787: Out-of-bounds Write
CVE-2022-1270
https://notcve.org/view.php?id=CVE-2022-1270
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. • https://lists.debian.org/debian-lts-announce/2022/11/msg00028.html https://security.gentoo.org/glsa/202209-19 https://sourceforge.net/p/graphicsmagick/bugs/664 https://www.debian.org/security/2022/dsa-5288 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write
CVE-2020-12672
https://notcve.org/view.php?id=CVE-2020-12672
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html https://security.gentoo.org/glsa/202209-19 • CWE-787: Out-of-bounds Write
CVE-2020-10938
https://notcve.org/view.php?id=CVE-2020-10938
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e https://www.debian.org/security/2020/dsa-4675 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write
CVE-2019-12921
https://notcve.org/view.php?id=CVE-2019-12921
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html http://www.graphicsmagick.org https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md https://lists.debian.org/debian-lts-announce/2020/03/msg00026.html https://www.debian.org/security/2020/dsa-4675 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')