Filtered by vendor Imagemagick
Subscribe
Search
Total
630 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9845 | 5 Canonical, Imagemagick, Opensuse and 2 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | |||||
| CVE-2014-9846 | 5 Canonical, Imagemagick, Opensuse and 2 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | |||||
| CVE-2016-10068 | 3 Imagemagick, Opensuse, Opensuse Project | 3 Imagemagick, Leap, Leap | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | |||||
| CVE-2014-9849 | 4 Canonical, Imagemagick, Opensuse and 1 more | 9 Ubuntu Linux, Imagemagick, Opensuse and 6 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2014-9850 | 4 Canonical, Imagemagick, Opensuse and 1 more | 8 Ubuntu Linux, Imagemagick, Opensuse and 5 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | |||||
| CVE-2014-9854 | 4 Canonical, Imagemagick, Opensuse and 1 more | 7 Ubuntu Linux, Imagemagick, Leap and 4 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | |||||
| CVE-2014-9853 | 6 Canonical, Imagemagick, Novell and 3 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | |||||
| CVE-2014-9847 | 4 Canonical, Imagemagick, Opensuse and 1 more | 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more | 2018-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | |||||
| CVE-2014-9851 | 4 Canonical, Imagemagick, Opensuse and 1 more | 9 Ubuntu Linux, Imagemagick, Opensuse and 6 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-16642 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-10-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. | |||||
| CVE-2018-16328 | 1 Imagemagick | 1 Imagemagick | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | |||||
| CVE-2018-16329 | 1 Imagemagick | 1 Imagemagick | 2018-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | |||||
| CVE-2006-0082 | 1 Imagemagick | 1 Imagemagick | 2018-10-19 | 5.1 MEDIUM | N/A |
| Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | |||||
| CVE-2005-4601 | 1 Imagemagick | 1 Imagemagick | 2018-10-19 | 7.5 HIGH | N/A |
| The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. | |||||
| CVE-2017-15277 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | |||||
| CVE-2006-5456 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | |||||
| CVE-2006-4144 | 1 Imagemagick | 1 Imagemagick | 2018-10-17 | 2.6 LOW | N/A |
| Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. | |||||
| CVE-2006-5868 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-10-17 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | |||||
| CVE-2007-1667 | 2 Imagemagick, X.org | 2 Imagemagick, Libx11 | 2018-10-16 | 9.3 HIGH | N/A |
| Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. | |||||
| CVE-2007-0770 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-16 | 9.3 HIGH | N/A |
| Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. | |||||
| CVE-2007-4988 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 6.8 MEDIUM | N/A |
| Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. | |||||
| CVE-2007-4985 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 4.3 MEDIUM | N/A |
| ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. | |||||
| CVE-2007-4986 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-4987 | 1 Imagemagick | 1 Imagemagick | 2018-10-15 | 9.3 HIGH | N/A |
| Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. | |||||
| CVE-2009-1882 | 1 Imagemagick | 1 Imagemagick | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2016-3718 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 4.3 MEDIUM | 6.3 MEDIUM |
| The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | |||||
| CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 7.1 HIGH | 5.5 MEDIUM |
| The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |||||
| CVE-2016-3716 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 4.3 MEDIUM | 3.3 LOW |
| The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |||||
| CVE-2016-3715 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2018-10-09 | 5.8 MEDIUM | 5.5 MEDIUM |
| The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |||||
| CVE-2005-1739 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-03 | 5.0 MEDIUM | N/A |
| The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | |||||
| CVE-2017-18250 | 1 Imagemagick | 1 Imagemagick | 2018-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2018-12599 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | |||||
| CVE-2018-12600 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | |||||
| CVE-2016-5239 | 1 Imagemagick | 1 Imagemagick | 2018-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2017-18272 | 1 Imagemagick | 1 Imagemagick | 2018-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. | |||||
| CVE-2017-12431 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-14224 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |||||
| CVE-2017-12983 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-11640 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | |||||
| CVE-2017-14682 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | |||||
| CVE-2017-14989 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | |||||
| CVE-2017-13143 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. | |||||
| CVE-2017-13144 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. | |||||
| CVE-2017-13758 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | |||||
| CVE-2018-11624 | 1 Imagemagick | 1 Imagemagick | 2018-06-06 | 6.8 MEDIUM | 8.8 HIGH |
| In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | |||||
| CVE-2015-8895 | 1 Imagemagick | 1 Imagemagick | 2018-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. | |||||
| CVE-2015-8897 | 1 Imagemagick | 1 Imagemagick | 2018-05-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. | |||||
| CVE-2015-8898 | 1 Imagemagick | 1 Imagemagick | 2018-05-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | |||||
| CVE-2017-18253 | 1 Imagemagick | 1 Imagemagick | 2018-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2018-7470 | 1 Imagemagick | 1 Imagemagick | 2018-03-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | |||||