GraphicsMagick 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー、vendor risk memory corruption、vendor risk input validation, and パス処理の欠陥 があり、vendor surface software deployment の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-32460 | GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call. | [email protected] | 4.0 | 0.15% | 2025-04-09 | 2026-01-29 |
| CVE-2025-27796 | ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. | [email protected] | 4.5 | 0.13% | 2025-03-07 | 2026-01-29 |
| CVE-2025-27795 | ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. | [email protected] | 4.3 | 0.08% | 2025-03-07 | 2026-01-29 |
| CVE-2020-21679 | Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. | [email protected] | 5.5 | 0.12% | 2023-08-22 | 2024-11-21 |
| CVE-2022-1270 | In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. | [email protected] | 7.8 | 0.05% | 2022-09-28 | 2025-05-21 |
| CVE-2020-12672 | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. | [email protected] | 7.5 | 2.69% | 2020-05-06 | 2024-11-21 |
| CVE-2020-10938 | GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. | [email protected] | 9.8 | 2.53% | 2020-03-24 | 2024-11-21 |
| CVE-2019-12921 | In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | [email protected] | 6.5 | 5.10% | 2020-03-18 | 2024-11-21 |
| CVE-2019-19953 | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | [email protected] | 9.1 | 1.31% | 2019-12-24 | 2024-11-21 |
| CVE-2019-19951 | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | [email protected] | 9.8 | 1.44% | 2019-12-24 | 2024-11-21 |
| CVE-2019-19950 | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | [email protected] | 9.8 | 1.20% | 2019-12-24 | 2024-11-21 |
| CVE-2019-11506 | In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. | [email protected] | 8.8 | 1.49% | 2019-04-24 | 2024-11-21 |
| CVE-2019-11505 | In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. | [email protected] | 8.8 | 1.12% | 2019-04-24 | 2024-11-21 |
| CVE-2019-11474 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | [email protected] | 6.5 | 2.46% | 2019-04-23 | 2024-11-21 |
| CVE-2019-11473 | coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009. | [email protected] | 6.5 | 0.98% | 2019-04-23 | 2024-11-21 |
| CVE-2019-11010 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file. | [email protected] | 6.5 | 0.64% | 2019-04-08 | 2024-11-21 |
| CVE-2019-11009 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | [email protected] | 8.1 | 1.33% | 2019-04-08 | 2024-11-21 |
| CVE-2019-11008 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | [email protected] | 8.8 | 0.92% | 2019-04-08 | 2024-11-21 |
| CVE-2019-11007 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | [email protected] | 8.1 | 1.34% | 2019-04-08 | 2024-11-21 |
| CVE-2019-11006 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. | [email protected] | 9.1 | 1.41% | 2019-04-08 | 2024-11-21 |