Debian Graphicsmagick vulnerabilities

142 known vulnerabilities affecting debian/graphicsmagick.

Total CVEs: 142
CISA KEV: 3 (actively exploited)
Public exploits: 9
Exploited in wild: 3
Severity breakdown: CRITICAL 17, HIGH 47, MEDIUM 56, LOW 22

Vulnerabilities

Page 4 of 8
CVE-2017-16353 | MEDIUM | CVSS 6.5 | PoC | fixed in graphicsmagick 1.3.26-17 (bookworm) | 2017
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be trigg
debian
CVE-2017-14997 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-13 (bookworm) | 2017
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Scope: local
bookworm: resolved (fixed in 1.3.26-13) bullseye: resolved (fixed in 1.3.26-13) forky: resolved (fixed in 1.3.26-13) sid: resolved (fixed in 1.3.26-13) trixie: resolved (fixe
debian
CVE-2017-13064 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-7 (bookworm) | 2017
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
Scope: local
bookworm: resolved (fixed in 1.3.26-7) bullseye: resolved (fixed in 1.3.26-7) forky: resolved (fixed in 1.3.26-7) sid: resolved (fixed in 1.3.26-7) trixie: resolved (fixed in 1.3.26-7)
debian
CVE-2017-6335 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.25-8 (bookworm) | 2017
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
Scope: local
bookworm: resolved (fixed in 1.3.25-8) bullseye: resolved (fixed in 1.3.25-8) forky: resolved (fixed in 1.3
debian
CVE-2017-18229 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.27-1 (bookworm) | 2017
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
Scope: local
bookworm: resolved (fixed in 1.3.27-1) b
debian
CVE-2017-18231 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.27-1 (bookworm) | 2017
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1) bullseye: resolved (fixed in 1.3.27-1) forky: resolved (fixed in 1.3.27-1) sid: resol
debian
CVE-2017-13065 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-7 (bookworm) | 2017
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
Scope: local
bookworm: resolved (fixed in 1.3.26-7) bullseye: resolved (fixed in 1.3.26-7) forky: resolved (fixed in 1.3.26-7) sid: resolved (fixed in 1.3.26-7) trixie: resolved (fixed in 1.3.26-7)
debian
CVE-2017-14733 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-13 (bookworm) | 2017
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.26-13) bullseye: resolved (fixed in 1.3.26-13) forky: resolved (fixed in 1.3
debian
CVE-2017-13134 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-19 (bookworm) | 2017
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.26-19) bullseye: resolved (fixed in 1.3.26-19) forky: resolved (fixed in 1.3.26-19) sid: resolved (fixed in 1.
debian
CVE-2017-14504 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-11 (bookworm) | 2017
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
Scope: local
bookworm: resolved (fixed in 1.3.26-11) bullseye: resolved (fixed in 1.3.26-11) forky: resolved (fixed in 1.3.26-11) sid: resolved (fixed in 1.3.26-11) trixie: resolved (fixed in 1.3.26
debian
CVE-2017-18219 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.27-1 (bookworm) | 2017
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation.
Scope: local
bookworm: resolved (fixed in 1.3.27-1) bullseye: resolved (fixed
debian
CVE-2017-13063 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-7 (bookworm) | 2017
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
Scope: local
bookworm: resolved (fixed in 1.3.26-7) bullseye: resolved (fixed in 1.3.26-7) forky: resolved (fixed in 1.3.26-7) sid: resolved (fixed in 1.3.26-7) trixie: resolved (fixed in 1.3.26-7)
debian
CVE-2017-10799 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.26-1 (bookworm) | 2017
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
Scope: local
bookworm: resolved (fixed in 1.3.26-1) bullseye: resolved (fixed in 1.3.26-1) forky: resolved (fixed in 1.3.26-1) sid: resolved (fixed in 1.3.26-1) trixie: resolved (fixed in 1.3.26-1)
debian
CVE-2017-14994 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-13 (bookworm) | 2017
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
Scope: local
bookworm: resolved (fixed in 1.3.26-13) bullseye: resolved (fixed in 1.3.26-13) forky: resolve
debian
CVE-2017-15277 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-14 (bookworm) | 2017
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
Scope: lo
debian
CVE-2017-10800 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.26-1 (bookworm) | 2017
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
Scope: local
bookworm: resolved (fixed in 1.3.26-1) bullseye: resolved (fixed in 1.3.26-1) forky: resolved (fixed in 1.3.26-1) sid: resolved (fixed in
debian
CVE-2017-10794 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.26-1 (bookworm) | 2017
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
Scope: local
bookworm: resolved (fixed in 1.3.26-1) bullseye: resolved (fixed in 1.3.26-1) forky: resolved (fixed in 1.3.26-1) sid: resolved (fixed in 1.3.26-1) trixie: reso
debian
CVE-2017-14314 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-10 (bookworm) | 2017
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.26-10) bullseye: resolved (fixed in 1.3.26-10) forky: resolved (fixed in 1.3.26-10) s
debian
CVE-2017-18230 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.27-1 (bookworm) | 2017
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 1.3.27-1) bullseye: resolved (fixed in 1.3.27-1) forky: resolved (fixed in 1.3.27-1) sid: re
debian
CVE-2017-11722 | MEDIUM | CVSS 6.5 | fixed in graphicsmagick 1.3.26-4 (bookworm) | 2017
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an
debian