Debian Graphicsmagick vulnerabilities

142 known vulnerabilities affecting debian/graphicsmagick.

Total CVEs: 142
CISA KEV: 3 (actively exploited)
Public exploits: 9
Exploited in wild: 3
Severity breakdown: CRITICAL 17, HIGH 47, MEDIUM 56, LOW 22

Vulnerabilities

Page 7 of 8
CVE-2009-1882 | MEDIUM | CVSS 9.3 | fixed in graphicsmagick 1.3.5-5.1 (bookworm) | 2009
[CRITICAL] graphicsmagick - Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. Scope: local bookworm: r
debian
CVE-2009-3736 | LOW | CVSS 6.9 | fixed in clamav 0.95+dfsg-1 (bookworm) | 2009
[MEDIUM] bochs - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2008-6070 | CRITICAL | CVSS 9.3 | fixed in graphicsmagick 1.2.3-1 (bookworm) | 2008
[CRITICAL] graphicsmagick - Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information. Scope
debian
CVE-2008-6071 | CRITICAL | CVSS 10.0 | fixed in graphicsmagick 1.2.3-1 (bookworm) | 2008
[CRITICAL] graphicsmagick - Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information. Scope: local bookworm: resolved (fixe
debian
CVE-2008-6621 | HIGH | CVSS 7.8 | fixed in graphicsmagick 1.2.3-1 (bookworm) | 2008
[HIGH] graphicsmagick - Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information. Scope: local bookworm: resolved (fixed in 1.2.3-1) bullseye: resolved (fixed in 1.2.3-1) forky: resolved (fixed in 1.2.3-1) sid: resolv
debian
CVE-2008-6072 | MEDIUM | CVSS 5.0 | fixed in graphicsmagick 1.2.3-1 (bookworm) | 2008
[MEDIUM] graphicsmagick - Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images. Scope: local bookworm: resolved (fixed in 1.2.3-1) bullseye: resolved (fixed in 1.2.3-1) forky: resolved (fixed in 1.2.3-1) sid: resolved (fixed in 1
debian
CVE-2008-1096 | MEDIUM | CVSS 6.8 | fixed in graphicsmagick 1.1.11-3.2 (bookworm) | 2008
[MEDIUM] graphicsmagick - The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. Scope: loc
debian
CVE-2008-3134 | MEDIUM | CVSS 5.0 | fixed in graphicsmagick 1.2.4-1 (bookworm) | 2008
[MEDIUM] graphicsmagick - Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/im
debian
CVE-2008-1097 | MEDIUM | CVSS 6.8 | fixed in graphicsmagick 1.1.7-13 (bookworm) | 2008
[MEDIUM] graphicsmagick - Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline ar
debian
CVE-2007-4985 | MEDIUM | CVSS 4.3 | fixed in graphicsmagick 1.1.11-1 (bookworm) | 2007
[MEDIUM] graphicsmagick - ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. Scope: local bookworm: resolved (fixed in 1
debian
CVE-2007-1797 | MEDIUM | CVSS 9.3 | fixed in graphicsmagick 1.1.7-15 (bookworm) | 2007
[CRITICAL] graphicsmagick - Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues t
debian
CVE-2007-1667 | MEDIUM | CVSS 9.3 | fixed in graphicsmagick 1.1.7-14 (bookworm) | 2007
[CRITICAL] graphicsmagick - Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. Scope: local bookwo
debian
CVE-2007-4986 | MEDIUM | CVSS 6.8 | fixed in graphicsmagick 1.1.11-1 (bookworm) | 2007
[MEDIUM] graphicsmagick - Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 1.1.11-1) bullseye: resolved (fixed in 1.1.11-1) forky: resolved (fixed in 1.1.
debian
CVE-2007-4988 | MEDIUM | CVSS 7.8 | fixed in graphicsmagick 1.1.11-1 (bookworm) | 2007
[HIGH] graphicsmagick - Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 1.1.11-1) bullseye: resolved (fixed in 1.1.11-1) forky: resolved (f
debian
CVE-2007-0770 | MEDIUM | CVSS 5.1 | fixed in graphicsmagick 1.1.7-12 (bookworm) | 2007
[MEDIUM] graphicsmagick - Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. Scope: local bookworm: resolved (fixed in 1.1.7-
debian
CVE-2006-5456 | MEDIUM | CVSS 5.1 | fixed in graphicsmagick 1.1.7-9 (bookworm) | 2006
[MEDIUM] graphicsmagick - Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/pal
debian
CVE-2006-3744 | MEDIUM | CVSS 5.1 | fixed in graphicsmagick 1.1.7-7 (bookworm) | 2006
[MEDIUM] graphicsmagick - Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. Scope: local bookworm: resolved (fixed in 1.1.7-7) bullseye: resolved (fixed in 1.1.7-7) forky: resolved (fixed in 1.1.7-7) sid: resolved (fixed in 1.1.7-7) trixie:
debian
CVE-2006-3743 | MEDIUM | CVSS 5.1 | fixed in graphicsmagick 1.1.7-8 (bookworm) | 2006
[MEDIUM] graphicsmagick - Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. Scope: local bookworm: resolved (fixed in 1.1.7-8) bullseye: resolved (fixed in 1.1.7-8) forky: resolved (fixed in 1.1.7-8) sid: resolved (fixed in 1.1.7-8) trixie: resolved (fixed in 1.1.7-8)
debian
CVE-2006-4144 | MEDIUM | CVSS 2.6 | PoC | fixed in graphicsmagick 1.1.7-7 (bookworm) | 2006
[LOW] graphicsmagick - Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 1.1.7-7) bullseye: resolve
debian
CVE-2005-4601 | HIGH | CVSS 7.5 | fixed in graphicsmagick 1.1.7-1 (bookworm) | 2005
[HIGH] graphicsmagick - The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. Scope: local bookworm: resolved (fixed in 1.1.7-1) bullseye: resolved (fixed in 1.1.7-1) forky: resolved (fixed in 1.1.7-1) sid: resolved (fixed in 1.1.7-1) trixie: resolved (fixed in
debian