Search CVE reports
81 – 90 of 138 results
CVE-2017-11140
Low priority
Some fixes available 2 of 5
The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files.
1 affected package
graphicsmagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | Not affected | Not affected | Not affected | Fixed |
CVE-2017-11139
Medium priority
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
1 affected package
graphicsmagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | — | — | Not affected | Not affected |
CVE-2017-11102
Low priority
Some fixes available 2 of 5
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
1 affected package
graphicsmagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | Not affected | Not affected | Not affected | Fixed |
CVE-2017-10800
Medium priority
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
1 affected package
graphicsmagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-10799
Medium priority
Some fixes available 2 of 5
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
1 affected package
graphicsmagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | Not affected | Not affected | Not affected | Fixed |
CVE-2017-10794
Medium priority
Some fixes available 1 of 4
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
1 affected package
graphicsmagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | — | — | Not affected | Fixed |
CVE-2017-6887
Low priority
Some fixes available 3 of 108
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100"...
12 affected packages
darktable, dcraw, exactimage, flphoto, freeimage...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
flphoto | Not in release | Not in release | Not in release | Not in release | Not in release |
freeimage | Not affected | Not affected | Not affected | Not affected | Not affected |
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libraw | Not affected | Not affected | Not affected | Not affected | Fixed |
rawstudio | Not in release | Not in release | Not in release | Not in release | Not in release |
rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ufraw | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2017-6886
Low priority
Some fixes available 3 of 108
An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.
12 affected packages
darktable, dcraw, exactimage, flphoto, freeimage...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
flphoto | Not in release | Not in release | Not in release | Not in release | Not in release |
freeimage | Not affected | Not affected | Not affected | Not affected | Not affected |
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libraw | Not affected | Not affected | Not affected | Not affected | Fixed |
rawstudio | Not in release | Not in release | Not in release | Not in release | Not in release |
rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2014-9804
Low priority
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
2 affected packages
graphicsmagick, imagemagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | — | — | Not affected | Not affected |
imagemagick | — | — | — | Not affected | Not affected |
CVE-2016-5239
Medium priority
Some fixes available 10 of 13
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
2 affected packages
graphicsmagick, imagemagick
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
graphicsmagick | — | — | — | Not affected | Fixed |
imagemagick | — | — | — | Fixed | Fixed |