Search criteria
121 vulnerabilities by graphicsmagick
CVE-2025-32460 (GCVE-0-2025-32460)
Vulnerability from cvelistv5 – Published: 2025-04-09 00:00 – Updated: 2025-04-09 19:27
VLAI?
Summary
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
Severity ?
4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GraphicsMagick | GraphicsMagick |
Affected:
0 , < 8e56520435df50f618a03f2721a39a70a515f1cb
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T19:26:13.492111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T19:27:10.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GraphicsMagick",
"vendor": "GraphicsMagick",
"versions": [
{
"lessThan": "8e56520435df50f618a03f2721a39a70a515f1cb",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8e56520435df50f618a03f2721a39a70a515f1cb",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T01:07:05.737Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb"
},
{
"url": "https://tracker.debian.org/news/1636753/accepted-graphicsmagick-14really1345hg17696-1-source-into-unstable/"
},
{
"url": "https://issues.oss-fuzz.com/issues/406320404"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32460",
"datePublished": "2025-04-09T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2025-04-09T19:27:10.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27796 (GCVE-0-2025-27796)
Vulnerability from cvelistv5 – Published: 2025-03-07 00:00 – Updated: 2025-03-07 21:32
VLAI?
Summary
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
Severity ?
4.5 (Medium)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GraphicsMagick | GraphicsMagick |
Affected:
0 , < 1.3.46
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:36:21.945649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:36:30.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GraphicsMagick",
"vendor": "GraphicsMagick",
"versions": [
{
"lessThan": "1.3.46",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:32:29.800Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f"
},
{
"url": "http://www.graphicsmagick.org/NEWS.html"
},
{
"url": "https://sourceforge.net/p/graphicsmagick/bugs/750/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-27796",
"datePublished": "2025-03-07T00:00:00.000Z",
"dateReserved": "2025-03-07T00:00:00.000Z",
"dateUpdated": "2025-03-07T21:32:29.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27795 (GCVE-0-2025-27795)
Vulnerability from cvelistv5 – Published: 2025-03-07 00:00 – Updated: 2025-03-07 19:37
VLAI?
Summary
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
Severity ?
4.3 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GraphicsMagick | GraphicsMagick |
Affected:
0 , < 1.3.46
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T19:37:23.161114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T19:37:31.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GraphicsMagick",
"vendor": "GraphicsMagick",
"versions": [
{
"lessThan": "1.3.46",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:07:17.705Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.graphicsmagick.org/NEWS.html"
},
{
"url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42"
},
{
"url": "https://issues.oss-fuzz.com/issues/42536330#comment6"
},
{
"url": "https://github.com/libjxl/libjxl/issues/3793#issuecomment-2334843280"
},
{
"url": "https://github.com/libjxl/libjxl/issues/3792#issuecomment-2330978387"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-27795",
"datePublished": "2025-03-07T00:00:00.000Z",
"dateReserved": "2025-03-07T00:00:00.000Z",
"dateUpdated": "2025-03-07T19:37:31.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-21679 (GCVE-0-2020-21679)
Vulnerability from cvelistv5 – Published: 2023-08-22 00:00 – Updated: 2024-10-07 15:14
VLAI?
Summary
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:30:33.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/619/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-21679",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T15:14:19.198928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T15:14:28.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T15:44:33.965357",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sourceforge.net/p/graphicsmagick/bugs/619/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21679",
"datePublished": "2023-08-22T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-10-07T15:14:28.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1270 (GCVE-0-2022-1270)
Vulnerability from cvelistv5 – Published: 2022-09-28 00:00 – Updated: 2025-05-21 14:59
VLAI?
Summary
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | GraphicsMagick |
Affected:
GraphicsMagick-1.4.020220326
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/664/"
},
{
"name": "GLSA-202209-19",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-19"
},
{
"name": "[debian-lts-announce] 20221121 [SECURITY] [DLA 3200-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00028.html"
},
{
"name": "DSA-5288",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5288"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T14:58:47.360681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T14:59:12.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GraphicsMagick",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "GraphicsMagick-1.4.020220326"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick, a heap buffer overflow was found when parsing MIFF."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-26T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://sourceforge.net/p/graphicsmagick/bugs/664/"
},
{
"name": "GLSA-202209-19",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-19"
},
{
"name": "[debian-lts-announce] 20221121 [SECURITY] [DLA 3200-1] graphicsmagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00028.html"
},
{
"name": "DSA-5288",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5288"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-1270",
"datePublished": "2022-09-28T00:00:00.000Z",
"dateReserved": "2022-04-07T00:00:00.000Z",
"dateUpdated": "2025-05-21T14:59:12.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12672 (GCVE-0-2020-12672)
Vulnerability from cvelistv5 – Published: 2020-05-06 02:47 – Updated: 2024-08-04 12:04
VLAI?
Summary
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025"
},
{
"name": "[debian-lts-announce] 20200607 [SECURITY] [DLA 2236-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0779",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html"
},
{
"name": "openSUSE-SU-2020:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html"
},
{
"name": "GLSA-202209-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025"
},
{
"name": "[debian-lts-announce] 20200607 [SECURITY] [DLA 2236-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0779",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html"
},
{
"name": "openSUSE-SU-2020:0788",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html"
},
{
"name": "GLSA-202209-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025"
},
{
"name": "[debian-lts-announce] 20200607 [SECURITY] [DLA 2236-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00004.html"
},
{
"name": "openSUSE-SU-2020:0779",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00008.html"
},
{
"name": "openSUSE-SU-2020:0788",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00012.html"
},
{
"name": "GLSA-202209-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12672",
"datePublished": "2020-05-06T02:47:51",
"dateReserved": "2020-05-06T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10938 (GCVE-0-2020-10938)
Vulnerability from cvelistv5 – Published: 2020-03-24 15:28 – Updated: 2024-08-04 11:21
VLAI?
Summary
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:12.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/"
},
{
"name": "openSUSE-SU-2020:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html"
},
{
"name": "openSUSE-SU-2020:0429",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html"
},
{
"name": "DSA-4675",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T12:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/"
},
{
"name": "openSUSE-SU-2020:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html"
},
{
"name": "openSUSE-SU-2020:0429",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html"
},
{
"name": "DSA-4675",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/code/ci/5b4dd7c6674140a115ec9424c8d19c6a458fac3e/"
},
{
"name": "openSUSE-SU-2020:0416",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html"
},
{
"name": "openSUSE-SU-2020:0429",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"name": "[debian-lts-announce] 20200415 [SECURITY] [DLA 2173-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00007.html"
},
{
"name": "DSA-4675",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10938",
"datePublished": "2020-03-24T15:28:05",
"dateReserved": "2020-03-24T00:00:00",
"dateUpdated": "2024-08-04T11:21:12.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12921 (GCVE-0-2019-12921)
Vulnerability from cvelistv5 – Published: 2020-03-18 17:39 – Updated: 2024-08-04 23:32
VLAI?
Summary
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.graphicsmagick.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md"
},
{
"name": "[debian-lts-announce] 20200321 [SECURITY] [DLA 2152-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html"
},
{
"name": "openSUSE-SU-2020:0429",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"name": "DSA-4675",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-06T12:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.graphicsmagick.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md"
},
{
"name": "[debian-lts-announce] 20200321 [SECURITY] [DLA 2152-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0416",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html"
},
{
"name": "openSUSE-SU-2020:0429",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"name": "DSA-4675",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.graphicsmagick.org/",
"refsource": "MISC",
"url": "http://www.graphicsmagick.org/"
},
{
"name": "https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md",
"refsource": "MISC",
"url": "https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md"
},
{
"name": "[debian-lts-announce] 20200321 [SECURITY] [DLA 2152-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0416",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html"
},
{
"name": "openSUSE-SU-2020:0429",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00051.html"
},
{
"name": "DSA-4675",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12921",
"datePublished": "2020-03-18T17:39:30",
"dateReserved": "2019-06-20T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19950 (GCVE-0-2019-19950)
Vulnerability from cvelistv5 – Published: 2019-12-24 00:07 – Updated: 2024-08-05 02:32
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/603/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/603/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/603/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/603/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4"
},
{
"name": "openSUSE-SU-2020:0055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19950",
"datePublished": "2019-12-24T00:07:10",
"dateReserved": "2019-12-24T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19951 (GCVE-0-2019-19951)
Vulnerability from cvelistv5 – Published: 2019-12-24 00:07 – Updated: 2024-08-05 02:32
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:09.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/608/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/608/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/608/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/608/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d"
},
{
"name": "openSUSE-SU-2020:0055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19951",
"datePublished": "2019-12-24T00:07:02",
"dateReserved": "2019-12-24T00:00:00",
"dateUpdated": "2024-08-05T02:32:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19953 (GCVE-0-2019-19953)
Vulnerability from cvelistv5 – Published: 2019-12-24 00:06 – Updated: 2024-08-05 02:32
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-19953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/617/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/617/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf"
},
{
"name": "openSUSE-SU-2020:0055",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html"
},
{
"name": "openSUSE-SU-2020:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00064.html"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2084-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00029.html"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19953",
"datePublished": "2019-12-24T00:06:51",
"dateReserved": "2019-12-24T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11506 (GCVE-0-2019-11506)
Vulnerability from cvelistv5 – Published: 2019-04-24 20:31 – Updated: 2024-08-04 22:55
VLAI?
Summary
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/604/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1603",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html"
},
{
"name": "openSUSE-SU-2019:1683",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/604/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1603",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html"
},
{
"name": "openSUSE-SU-2019:1683",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/604/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/604/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a"
},
{
"name": "openSUSE-SU-2019:1355",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1603",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html"
},
{
"name": "openSUSE-SU-2019:1683",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11506",
"datePublished": "2019-04-24T20:31:13",
"dateReserved": "2019-04-24T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11505 (GCVE-0-2019-11505)
Vulnerability from cvelistv5 – Published: 2019-04-24 20:31 – Updated: 2024-08-04 22:55
VLAI?
Summary
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/605/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a"
},
{
"name": "108063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108063"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1603",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html"
},
{
"name": "openSUSE-SU-2019:1683",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/605/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a"
},
{
"name": "108063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108063"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1603",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html"
},
{
"name": "openSUSE-SU-2019:1683",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/605/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/605/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a"
},
{
"name": "108063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108063"
},
{
"name": "openSUSE-SU-2019:1355",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "openSUSE-SU-2019:1603",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html"
},
{
"name": "openSUSE-SU-2019:1683",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11505",
"datePublished": "2019-04-24T20:31:00",
"dateReserved": "2019-04-24T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11474 (GCVE-0-2019-11474)
Vulnerability from cvelistv5 – Published: 2019-04-23 13:55 – Updated: 2024-08-04 22:55
VLAI?
Summary
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.graphicsmagick.org/Changelog.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd"
},
{
"name": "108055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108055"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "FEDORA-2019-da4c20882c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
},
{
"name": "FEDORA-2019-425a1aa7c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.graphicsmagick.org/Changelog.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd"
},
{
"name": "108055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108055"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "FEDORA-2019-da4c20882c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
},
{
"name": "FEDORA-2019-425a1aa7c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.graphicsmagick.org/Changelog.html",
"refsource": "MISC",
"url": "http://www.graphicsmagick.org/Changelog.html"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd"
},
{
"name": "108055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108055"
},
{
"name": "openSUSE-SU-2019:1355",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "FEDORA-2019-da4c20882c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
},
{
"name": "FEDORA-2019-425a1aa7c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11474",
"datePublished": "2019-04-23T13:55:39",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11473 (GCVE-0-2019-11473)
Vulnerability from cvelistv5 – Published: 2019-04-23 13:55 – Updated: 2024-08-04 22:55
VLAI?
Summary
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.graphicsmagick.org/Changelog.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd"
},
{
"name": "108055",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108055"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "FEDORA-2019-da4c20882c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
},
{
"name": "FEDORA-2019-425a1aa7c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.graphicsmagick.org/Changelog.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd"
},
{
"name": "108055",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108055"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "FEDORA-2019-da4c20882c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
},
{
"name": "FEDORA-2019-425a1aa7c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.graphicsmagick.org/Changelog.html",
"refsource": "MISC",
"url": "http://www.graphicsmagick.org/Changelog.html"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd"
},
{
"name": "108055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108055"
},
{
"name": "openSUSE-SU-2019:1355",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1795-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00027.html"
},
{
"name": "openSUSE-SU-2019:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "FEDORA-2019-da4c20882c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/"
},
{
"name": "FEDORA-2019-425a1aa7c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11473",
"datePublished": "2019-04-23T13:55:28",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11010 (GCVE-0-2019-11010)
Vulnerability from cvelistv5 – Published: 2019-04-08 18:18 – Updated: 2024-08-04 22:40
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/601/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/601/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/601/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/601/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11010",
"datePublished": "2019-04-08T18:18:44",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11009 (GCVE-0-2019-11009)
Vulnerability from cvelistv5 – Published: 2019-04-08 18:18 – Updated: 2024-08-04 22:40
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/597/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/597/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/597/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/597/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1355",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "openSUSE-SU-2019:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11009",
"datePublished": "2019-04-08T18:18:30",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11008 (GCVE-0-2019-11008)
Vulnerability from cvelistv5 – Published: 2019-04-08 18:18 – Updated: 2024-08-04 22:40
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/599/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/599/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1355",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "openSUSE-SU-2019:1437",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/599/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/599/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1331",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"
},
{
"name": "openSUSE-SU-2019:1355",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html"
},
{
"name": "openSUSE-SU-2019:1354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html"
},
{
"name": "openSUSE-SU-2019:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00055.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11008",
"datePublished": "2019-04-08T18:18:18",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11007 (GCVE-0-2019-11007)
Vulnerability from cvelistv5 – Published: 2019-04-08 18:18 – Updated: 2024-08-04 22:40
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/596/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/596/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/596/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/596/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "openSUSE-SU-2019:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "openSUSE-SU-2019:1331",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11007",
"datePublished": "2019-04-08T18:18:08",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11006 (GCVE-0-2019-11006)
Vulnerability from cvelistv5 – Published: 2019-04-08 18:17 – Updated: 2024-08-04 22:40
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/598/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/598/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/598/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/598/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1"
},
{
"name": "[debian-lts-announce] 20190413 [SECURITY] [DLA 1755-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11006",
"datePublished": "2019-04-08T18:17:37",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11005 (GCVE-0-2019-11005)
Vulnerability from cvelistv5 – Published: 2019-04-08 18:17 – Updated: 2024-08-04 22:40
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/600/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/600/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d"
},
{
"name": "openSUSE-SU-2019:1272",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/600/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/600/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d"
},
{
"name": "openSUSE-SU-2019:1272",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html"
},
{
"name": "openSUSE-SU-2019:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11005",
"datePublished": "2019-04-08T18:17:26",
"dateReserved": "2019-04-08T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7397 (GCVE-0-2019-7397)
Vulnerability from cvelistv5 – Published: 2019-02-05 00:00 – Updated: 2024-08-04 20:46
VLAI?
Summary
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106847"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/issues/1454"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82"
},
{
"name": "openSUSE-SU-2019:1141",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "USN-4034-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"name": "DSA-4712",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4712"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T11:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106847"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ImageMagick/ImageMagick/issues/1454"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82"
},
{
"name": "openSUSE-SU-2019:1141",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "USN-4034-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"name": "DSA-4712",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4712"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106847"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1454",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1454"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82"
},
{
"name": "openSUSE-SU-2019:1141",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "openSUSE-SU-2019:1320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html"
},
{
"name": "USN-4034-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4034-1/"
},
{
"name": "DSA-4712",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4712"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7397",
"datePublished": "2019-02-05T00:00:00",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20189 (GCVE-0-2018-20189)
Vulnerability from cvelistv5 – Published: 2018-12-17 20:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106227"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/585/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20189",
"datePublished": "2018-12-17T20:00:00",
"dateReserved": "2018-12-17T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20185 (GCVE-0-2018-20185)
Vulnerability from cvelistv5 – Published: 2018-12-17 17:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
},
{
"name": "106229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106229"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
},
{
"name": "106229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106229"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/582/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/582/"
},
{
"name": "106229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106229"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20185",
"datePublished": "2018-12-17T17:00:00",
"dateReserved": "2018-12-17T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20184 (GCVE-0-2018-20184)
Vulnerability from cvelistv5 – Published: 2018-12-17 17:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106229"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/583/"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T09:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "106229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106229"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/583/"
},
{
"name": "USN-4207-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106229"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/583/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/583/"
},
{
"name": "USN-4207-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4207-1/"
},
{
"name": "DSA-4640",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20184",
"datePublished": "2018-12-17T17:00:00",
"dateReserved": "2018-12-17T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18544 (GCVE-0-2018-18544)
Vulnerability from cvelistv5 – Published: 2018-10-21 01:00 – Updated: 2024-08-05 11:15
VLAI?
Summary
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:58.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/issues/1360"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog"
},
{
"name": "openSUSE-SU-2019:1141",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "USN-4034-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4034-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-25T14:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ImageMagick/ImageMagick/issues/1360"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog"
},
{
"name": "openSUSE-SU-2019:1141",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "USN-4034-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4034-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1360",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1360"
},
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog",
"refsource": "MISC",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog"
},
{
"name": "openSUSE-SU-2019:1141",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html"
},
{
"name": "USN-4034-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4034-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18544",
"datePublished": "2018-10-21T01:00:00",
"dateReserved": "2018-10-20T00:00:00",
"dateUpdated": "2024-08-05T11:15:58.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9018 (GCVE-0-2018-9018)
Vulnerability from cvelistv5 – Published: 2018-03-25 21:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/554/"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "103526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103526"
},
{
"name": "FEDORA-2019-f12cb1ddab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
},
{
"name": "FEDORA-2019-210b0a6e4f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-12T03:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/554/"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "103526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103526"
},
{
"name": "FEDORA-2019-f12cb1ddab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
},
{
"name": "FEDORA-2019-210b0a6e4f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/554/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/554/"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "103526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103526"
},
{
"name": "FEDORA-2019-f12cb1ddab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/"
},
{
"name": "FEDORA-2019-210b0a6e4f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9018",
"datePublished": "2018-03-25T21:00:00",
"dateReserved": "2018-03-25T00:00:00",
"dateUpdated": "2024-08-05T07:10:47.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18230 (GCVE-0-2017-18230)
Vulnerability from cvelistv5 – Published: 2018-03-14 02:00 – Updated: 2024-08-05 21:13
VLAI?
Summary
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/473/"
},
{
"name": "USN-4266-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4266-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T15:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/473/"
},
{
"name": "USN-4266-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4266-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f",
"refsource": "CONFIRM",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/473/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/473/"
},
{
"name": "USN-4266-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4266-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18230",
"datePublished": "2018-03-14T02:00:00",
"dateReserved": "2018-03-13T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18229 (GCVE-0-2017-18229)
Vulnerability from cvelistv5 – Published: 2018-03-14 02:00 – Updated: 2024-08-05 21:13
VLAI?
Summary
An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/461/"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "USN-4266-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4266-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T15:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/461/"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "USN-4266-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4266-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32",
"refsource": "CONFIRM",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/461/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/461/"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "USN-4266-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4266-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18229",
"datePublished": "2018-03-14T02:00:00",
"dateReserved": "2018-03-13T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18231 (GCVE-0-2017-18231)
Vulnerability from cvelistv5 – Published: 2018-03-14 02:00 – Updated: 2024-08-05 21:13
VLAI?
Summary
An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/475/"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "USN-4266-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4266-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T15:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/graphicsmagick/bugs/475/"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "USN-4266-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4266-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b",
"refsource": "CONFIRM",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/475/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/475/"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html"
},
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "USN-4266-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4266-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18231",
"datePublished": "2018-03-14T02:00:00",
"dateReserved": "2018-03-13T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}