ALAS-2017-820 ---- GraphicsMagickID: oval:org.secpod.oval:def:1600692 | Date: (C)2017-04-21 (M)2023-08-07 |
Class: PATCH | Family: unix |
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a small samples per pixel value in a CMYKA TIFF file.The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via vectors related to a ReferenceBlob and a NULL pointer.Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service via a crafted SCT header. The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service via large dimensions in a jpeg image. Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service via a crafted 8BIM chunk, which triggers a heap-based buffer overflow
Platform: |
Amazon Linux AMI |