CVE-2020-21679
https://notcve.org/view.php?id=CVE-2020-21679
Buffer overflow vulnerability in the WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via conversion of a crafted image file to PCX format. • https://sourceforge.net/p/graphicsmagick/bugs/619 • CWE-787: Out-of-bounds Write
CVE-2019-19950
https://notcve.org/view.php?id=CVE-2019-19950
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html https://sourceforge.net/p/graphicsmagick/bugs/603 https://www.debian.org/security/2020/dsa-4640 • CWE-416: Use After Free
CVE-2019-19951
https://notcve.org/view.php?id=CVE-2019-19951
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html https://sourceforge.net/p/graphicsmagick/bugs/608 https://www.debian.org/security/2020/dsa-4640 • CWE-787: Out-of-bounds Write
CVE-2019-19953
https://notcve.org/view.php?id=CVE-2019-19953
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html https://sourceforge.net/p/graphicsmagick/bugs/617 https://www.debian.org/security/2020/dsa-4640 • CWE-125: Out-of-bounds Read
CVE-2018-20185
https://notcve.org/view.php?id=CVE-2018-20185
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293 http://www.securityfocus.com/bid/106229 https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html https://sourceforge.net/p/graphicsmagick/bugs/582 https://usn.ubuntu.com/4207-1 https://www.debian.org/security/2020/dsa-4640 • CWE-125: Out-of-bounds Read