CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27796
https://notcve.org/view.php?id=CVE-2025-27796
07 Mar 2025 — WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation. ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. • http://www.graphicsmagick.org/NEWS.html • CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27795
https://notcve.org/view.php?id=CVE-2025-27795
07 Mar 2025 — JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. • http://www.graphicsmagick.org/NEWS.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21679
https://notcve.org/view.php?id=CVE-2020-21679
22 Aug 2023 — Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. • https://sourceforge.net/p/graphicsmagick/bugs/619 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1270 – Debian Security Advisory 5288-1
https://notcve.org/view.php?id=CVE-2022-1270
28 Sep 2022 — In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. En GraphicsMagick, fue encontrado un desbordamiento del búfer de la pila cuando es analizado MIFF It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary... • https://lists.debian.org/debian-lts-announce/2022/11/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-12672 – Ubuntu Security Notice USN-5974-1
https://notcve.org/view.php?id=CVE-2020-12672
06 May 2020 — GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. GraphicsMagick versiones hasta 1.3.35, presenta un desbordamiento del búfer en la región heap de la memoria en la función ReadMNGImage en el archivo coders/png.c. It was discovered that GraphicsMagick was not properly performing bounds checks when processing TGA image files, which could lead to a heap buffer overflow. If a user or automated system were tricked into processing a specially crafted TGA image file, a... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2020-10938 – Debian Security Advisory 4675-1
https://notcve.org/view.php?id=CVE-2020-10938
24 Mar 2020 — GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. GraphicsMagick versiones anteriores a la versión 1.3.35, tiene un desbordamiento de enteros y un desbordamiento del búfer en la región heap de la memoria en la función HuffmanDecodeImage en el archivo magick/compress.c. Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in inform... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 6%CPEs: 6EXPL: 0CVE-2019-12921 – Debian Security Advisory 4675-1
https://notcve.org/view.php?id=CVE-2019-12921
18 Mar 2020 — In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. En GraphicsMagick versiones anteriores a 1.3.32, el componente text filename permite a atacantes remotos leer archivos arbitrarios por medio de una imagen diseñada debido a TranslateTextEx para SVG. Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2019-19950 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-19950
24 Dec 2019 — In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. En GraphicsMagick versión 1.4 snapshot-20190403 Q8, se presenta un uso de la memoria previamente liberada de las funciones ThrowException y ThrowLoggedException del archivo magick/error.c. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are proces... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2019-19951 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-19951
24 Dec 2019 — In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. En GraphicsMagick versión 1.4 snapshot-20190423 Q8, se presenta un desbordamiento de búfer en la región heap de la memoria en la función ImportRLEPixels del archivo coders/miff.c. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 6EXPL: 1CVE-2019-19953 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2019-19953
24 Dec 2019 — In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. En GraphicsMagick versión 1.4 snapshot-20191208 Q8, se presenta una lectura excesiva de búfer en la región heap de la memoria en la función EncodeImage del archivo coders/pict.c. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf • CWE-125: Out-of-bounds Read •