Debian Graphicsmagick vulnerabilities
142 known vulnerabilities affecting debian/graphicsmagick.
Total CVEs: 142
CISA KEV: 3 (actively exploited)
Public exploits: 9
Exploited in wild: 3
Severity breakdown: CRITICAL 17, HIGH 47, MEDIUM 56, LOW 22
Vulnerabilities
Page 6 of 8
CVE-2016-8684 | HIGH | CVSS 7.8 | fixed in graphicsmagick 1.3.25-5 (bookworm) | 2016
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Scope: local
bookworm: resolved (fixed in 1.3.25-5)
bullseye: resolved (fixed in 1.3.25-5)
forky: resolved (fixed in 1.3.25-5)
sid
debian
CVE-2016-8683 | HIGH | CVSS 7.8 | fixed in graphicsmagick 1.3.25-5 (bookworm) | 2016
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
Scope: local
bookworm: resolved (fixed in 1.3.25-5)
bullseye: resolved (fixed in 1.3.25-5)
forky: resolved (fixed in 1.3.25-5)
sid: r
debian
CVE-2016-7997 | HIGH | CVSS 7.5 | fixed in graphicsmagick 1.3.25-4 (bookworm) | 2016
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
Scope: local
bookworm: resolved (fixed in 1.3.25-4)
bullseye: resolved (fixed in 1.3.25-4)
forky: resolved (fixed in 1.3.25-4)
sid: resolved (fixed in 1.3.25-4)
t
debian
CVE-2016-8682 | HIGH | CVSS 7.5 | fixed in graphicsmagick 1.3.25-5 (bookworm) | 2016
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
Scope: local
bookworm: resolved (fixed in 1.3.25-5)
bullseye: resolved (fixed in 1.3.25-5)
forky: resolved (fixed in 1.3.25-5)
sid: resolved (fixed in 1.3.25-5)
trixie: resolved (fixed in 1.3.25-5
debian
CVE-2016-7800 | HIGH | CVSS 7.5 | fixed in graphicsmagick 1.3.25-3 (bookworm) | 2016
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.3.25-3)
bullseye: resolved (fixed in 1.3.25-3)
forky: resolved (fixed in 1.3.
debian
CVE-2016-5240 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid:
debian
CVE-2016-3715 | MEDIUM | CVSS 5.5 | KEV | PoC | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolved (fixed in 1.3.24-1)
debian
CVE-2016-7446 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.25-1 (bookworm) | 2016
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
Scope: local
bookworm: resolved (fixed in 1.3.25-1)
bullseye: resolved (fixed in 1.3.25-1)
forky: resolved (fixed in 1.3.25-1)
sid: reso
debian
CVE-2016-3718 | MEDIUM | CVSS 5.5 | KEV | PoC | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolved
debian
CVE-2016-3717 | MEDIUM | CVSS 5.5 | PoC | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolved (fixed in 1.3.24-1)
debian
CVE-2016-2317 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved
debian
CVE-2016-9830 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.25-6 (bookworm) | 2016
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
Scope: local
bookworm: resolved (fixed in 1.3.25-6)
bullseye: resolved (fixed in 1.3.25-6)
forky: resolved (fixed in 1.3.25-6)
sid: resolved (fixed in 1.3.25-6)
trixie: resolved (fixed in 1.3.25-6)
debian
CVE-2016-2318 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in
debian
CVE-2016-5241 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolved (fixed in 1.3
debian
CVE-2016-3716 | LOW | CVSS 3.3 | PoC | fixed in graphicsmagick 1.3.24-1 (bookworm) | 2016
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
Scope: local
bookworm: resolved (fixed in 1.3.24-1)
bullseye: resolved (fixed in 1.3.24-1)
forky: resolved (fixed in 1.3.24-1)
sid: resolved (fixed in 1.3.24-1)
trixie: resolved (fixed in 1.3.24-1)
debian
CVE-2015-8808 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.21-2 (bookworm) | 2015
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
Scope: local
bookworm: resolved (fixed in 1.3.21-2)
bullseye: resolved (fixed in 1.3.21-2)
forky: resolved (fixed in 1.3.21-2)
sid: resolved (fixed in 1.3.21-2)
trixie: resolved (fixed in
debian
CVE-2014-8355 | MEDIUM | CVSS 5.5 | fixed in graphicsmagick 1.3.20-3+deb8u1 (bookworm) | 2014
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
Scope: local
bookworm: resolved (fixed in 1.3.20-3+deb8u1)
bullseye: resolved (fixed in 1.3.20-3+deb8u1)
forky: resolved (fixed in 1.3.20-3+deb8u1)
sid: resolved (fixed in 1.3.20-3+deb8u1)
trixie: resolved (fixed in 1.3.20-3+deb8u1)
debian
CVE-2014-1947 | LOW | CVSS 7.8 | PoC | fixed in graphicsmagick 1.3.20-1 (bookworm) | 2014
CVE-2014-1947 [HIGH] CVE-2014-1947: graphicsmagick - Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in Ima...
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
Scope: local
bookworm: resolved (fixed
debian
CVE-2013-4589 | LOW | CVSS 4.3 | fixed in graphicsmagick 1.3.18-1 (bookworm) | 2013
CVE-2013-4589 [MEDIUM] CVE-2013-4589: graphicsmagick - The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 ...
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.
Scope: local
bookworm: resolved (fixed in 1.3.18-1)
bullseye: resolved (fixed in 1.3.18-1)
forky: resolved (fixed in 1.3.18-1)
sid: resolved (fixed
debian
CVE-2012-3438 | LOW | CVSS 4.3 | fixed in graphicsmagick 1.3.16-1.1 (bookworm) | 2012
CVE-2012-3438 [MEDIUM] CVE-2012-3438: graphicsmagick - The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does no...
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
Scope: local
bookworm: resolved (fixed in 1.3.16-1.1)
bullseye: resolved (fixed in 1.3.
debian