Description GLSAMaker/CVETool Bot 2017-10-28 07:57:28 UTC

CVE-2017-15238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15238):
  ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a
  use-after-free issue when the height or width is zero, related to
  ReadJNGImage.

CVE-2017-14733 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14733):
  ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers
  that specify too few colors, which allows remote attackers to cause a denial
  of service (heap-based buffer over-read and application crash) via a crafted
  file.

CVE-2017-14649 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14649):
  ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not
  properly validate JNG data, leading to a denial of service (assertion
  failure in magick/pixel_cache.c, and application crash).

CVE-2017-14042 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14042):
  A memory allocation failure was discovered in the ReadPNMImage function in
  coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory
  allocation, which may lead to remote denial of service in the MagickRealloc
  function in magick/memory.c.

CVE-2017-13777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13777):
  GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a
  coders/xbm.c "Read hex image data" version==10 case that results in the
  reader not returning; it would cause large amounts of CPU and memory
  consumption although the crafted file itself does not request it.

CVE-2017-13776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13776):
  GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a
  coders/xbm.c "Read hex image data" version!=10 case that results in the
  reader not returning; it would cause large amounts of CPU and memory
  consumption although the crafted file itself does not request it.

CVE-2017-13775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13775):
  GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in
  coders/jnx.c whereby large amounts of CPU and memory resources may be
  consumed although the file itself does not support the requests.

CVE-2017-13648 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-13648):
  In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the
  function ReadMATImage in coders/mat.c.

CVE-2017-11641 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11641):
  GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in
  magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.

CVE-2017-11102 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11102):
  The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows
  remote attackers to cause a denial of service (application crash) during JNG
  reading via a zero-length color_image data structure.