Zero-friction vulnerability management platform
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
GraphicsMagick 1.3.26 Multiple DoS Vulnerabilities (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
GraphicsMagick is prone to multiple Denial of Service vulnerabilities, exploitable via specially crafted files.
Insight
Insight
Following vulnerabilities exist: An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file.
Affected Software
Affected Software
GraphicsMagick through version 1.3.26.
Detection Method
Detection Method
The script checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 1.3.27 or above.