Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
GraphicsMagick <= 1.3.31 Multiple Vulnerabilities (Linux)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
GraphicsMagick is prone to multiple vulnerabilities.
Insight
Insight
Following vulnerabilities exist: - There is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. - There is a heap-based buffer over-read in the ReadBMP Image function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations on 32-bit platforms with customized BMP limits. - The ReadDIBImage of dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colomapping and therefore lacks indexes initialization.
Affected Software
Affected Software
GraphicsMagick through version 1.3.31.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
No known solution is available as of 03rd April, 2019. Information regarding this issue will be updated once solution details are available.