Total vulnerabilities in the database
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
| Software | From | Fixed in |
|---|---|---|
| imagemagick / graphicsmagick | 1.1.9 | 1.1.9.x |
| imagemagick / graphicsmagick | 1.1.7 | 1.1.7.x |
| imagemagick / graphicsmagick | 1.1.10 | 1.1.10.x |
| imagemagick / graphicsmagick | 1.1.11 | 1.1.11.x |
| imagemagick / imagemagick | 6.2.8.1 | 6.2.8.1.x |
| imagemagick / imagemagick | 6.2.8.0 | 6.2.8.0.x |
| imagemagick / graphicsmagick | 1.1.8 | 1.1.8.x |
| imagemagick / graphicsmagick | 1.1.12 | 1.1.12.x |
| imagemagick / imagemagick | 6.2.8.3 | 6.2.8.3.x |
| imagemagick / imagemagick | 6.2.8.2 | 6.2.8.2.x |