Search CVE reports
1 – 10 of 141 results
CVE-2025-32460
Medium priorityGraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2025-27796
Medium priorityReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2025-27795
Medium priorityReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2020-21679
Medium priorityBuffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | Not affected | Not affected | Not affected | Ignored | Ignored |
CVE-2022-1270
Medium priorityIn GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | Not affected | Fixed | Fixed | Fixed |
CVE-2020-15999
High prioritySome fixes available 15 of 16
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
android, chromium-browser, firefox, freetype, godot...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
| firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
| freetype | Fixed | Fixed | Fixed | Fixed | Fixed |
| godot | Not affected | Not affected | Not affected | Not in release | Not in release |
| graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
| musescore | Not in release | Not in release | Not affected | Not affected | Not affected |
| openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-13 | Not in release | Not in release | Not affected | Not in release | Not in release |
| openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not in release |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Not affected |
| paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-12672
Medium prioritySome fixes available 4 of 5
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | Not affected | Fixed | Fixed | Fixed |
CVE-2020-10938
Medium prioritySome fixes available 3 of 4
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | Not affected | Not affected | Fixed | Fixed |
CVE-2019-12921
Medium prioritySome fixes available 3 of 6
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | Not affected | Not affected | Fixed | Fixed |
CVE-2019-19953
Medium prioritySome fixes available 3 of 5
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
1 affected package
graphicsmagick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| graphicsmagick | — | Not affected | Not affected | Fixed | Fixed |