Filtered by vendor Imagemagick
Subscribe
Search
Total
367 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14437 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. | |||||
| CVE-2018-16645 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. | |||||
| CVE-2018-16640 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | |||||
| CVE-2018-16641 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. | |||||
| CVE-2017-11529 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2017-11528 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||||
| CVE-2018-17965 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. | |||||
| CVE-2018-17966 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. | |||||
| CVE-2018-17967 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. | |||||
| CVE-2018-18016 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | |||||
| CVE-2018-18544 | 3 Graphicsmagick, Imagemagick, Opensuse | 3 Graphicsmagick, Imagemagick, Leap | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. | |||||
| CVE-2017-10995 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. | |||||
| CVE-2018-5246 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | |||||
| CVE-2018-5247 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | |||||
| CVE-2018-5358 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | |||||
| CVE-2018-6930 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. | |||||
| CVE-2017-11360 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | |||||
| CVE-2017-11478 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. | |||||
| CVE-2017-11523 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. | |||||
| CVE-2017-11524 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. | |||||
| CVE-2017-11505 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. | |||||
| CVE-2017-11525 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2018-15607 | 1 Imagemagick | 1 Imagemagick | 2019-06-25 | 7.1 HIGH | 6.5 MEDIUM |
| In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. | |||||
| CVE-2018-18023 | 1 Imagemagick | 1 Imagemagick | 2019-06-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. | |||||
| CVE-2017-13142 | 1 Imagemagick | 1 Imagemagick | 2019-05-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. | |||||
| CVE-2017-14342 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-04-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | |||||
| CVE-2017-6500 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | |||||
| CVE-2017-6501 | 1 Imagemagick | 1 Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. | |||||
| CVE-2017-6498 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2019-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. | |||||
| CVE-2017-6502 | 1 Imagemagick | 1 Imagemagick | 2019-03-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). | |||||
| CVE-2014-9844 | 5 Canonical, Imagemagick, Opensuse and 2 more | 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||||
| CVE-2014-9853 | 6 Canonical, Imagemagick, Novell and 3 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||||
| CVE-2014-9845 | 5 Canonical, Imagemagick, Opensuse and 2 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | |||||
| CVE-2016-10068 | 3 Imagemagick, Opensuse, Opensuse Project | 3 Imagemagick, Leap, Leap | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | |||||
| CVE-2018-16642 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. | |||||
| CVE-2017-15277 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | |||||
| CVE-2016-3718 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 4.3 MEDIUM | 6.3 MEDIUM |
| The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | |||||
| CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 7.1 HIGH | 5.5 MEDIUM |
| The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |||||
| CVE-2016-3715 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 5.8 MEDIUM | 5.5 MEDIUM |
| The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |||||
| CVE-2017-18250 | 1 Imagemagick | 1 Imagemagick | 2018-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-18272 | 1 Imagemagick | 1 Imagemagick | 2018-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. | |||||
| CVE-2017-14989 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | |||||
| CVE-2017-13758 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | |||||
| CVE-2017-11640 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | |||||
| CVE-2017-12431 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-13144 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. | |||||
| CVE-2015-8897 | 1 Imagemagick | 1 Imagemagick | 2018-05-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. | |||||
| CVE-2015-8898 | 1 Imagemagick | 1 Imagemagick | 2018-05-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | |||||
| CVE-2017-18253 | 1 Imagemagick | 1 Imagemagick | 2018-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2018-7470 | 1 Imagemagick | 1 Imagemagick | 2018-03-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | |||||