Search CVE reports
101 – 110 of 138 results
CVE-2016-7446
Medium prioritySome fixes available 2 of 3
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2016-5241
Medium prioritySome fixes available 2 of 7
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2016-2318
Low prioritySome fixes available 2 of 7
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c,...
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2016-2317
Medium prioritySome fixes available 2 of 7
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function...
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2016-7997
Low prioritySome fixes available 2 of 6
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2016-7996
Medium prioritySome fixes available 2 of 3
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2015-8808
Low prioritySome fixes available 1 of 6
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Not affected |
CVE-2016-5118
Medium prioritySome fixes available 11 of 16
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
2 affected packages
graphicsmagick, imagemagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
| imagemagick | — | — | — | Fixed | Fixed |
CVE-2016-3718
Medium prioritySome fixes available 11 of 16
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
2 affected packages
graphicsmagick, imagemagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
| imagemagick | — | — | — | Fixed | Fixed |
CVE-2016-3717
Medium prioritySome fixes available 11 of 16
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
2 affected packages
graphicsmagick, imagemagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | — | — | Not affected | Fixed |
| imagemagick | — | — | — | Fixed | Fixed |