Search
Total
629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18210 | 1 Imagemagick | 1 Imagemagick | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | |||||
| CVE-2018-6876 | 2 Imagemagick, Libfpx Project | 2 Imagemagick, Libfpx | 2018-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. | |||||
| CVE-2010-4167 | 1 Imagemagick | 1 Imagemagick | 2018-01-06 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. | |||||
| CVE-2017-13140 | 1 Imagemagick | 1 Imagemagick | 2017-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. | |||||
| CVE-2017-12671 | 1 Imagemagick | 1 Imagemagick | 2017-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-5508 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. | |||||
| CVE-2016-10146 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.8 HIGH | 7.5 HIGH |
| Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2016-8707 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 6.8 MEDIUM | 7.0 HIGH |
| An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. | |||||
| CVE-2016-10062 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
| CVE-2016-10252 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. | |||||
| CVE-2016-10145 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | |||||
| CVE-2017-7606 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | |||||
| CVE-2017-5511 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | |||||
| CVE-2006-2440 | 1 Imagemagick | 1 Imagemagick | 2017-10-12 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. | |||||
| CVE-2007-1797 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | |||||
| CVE-2006-3743 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. | |||||
| CVE-2006-3744 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. | |||||
| CVE-2005-1275 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2017-10-11 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | |||||
| CVE-2005-0762 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file. | |||||
| CVE-2005-0761 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. | |||||
| CVE-2005-0760 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 5.0 MEDIUM | N/A |
| The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. | |||||
| CVE-2005-0759 | 2 Imagemagick, Sgi | 2 Imagemagick, Propack | 2017-10-11 | 5.0 MEDIUM | N/A |
| ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. | |||||
| CVE-2004-0981 | 4 Debian, Gentoo, Imagemagick and 1 more | 4 Debian Linux, Linux, Imagemagick and 1 more | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. | |||||
| CVE-2005-0005 | 6 Debian, Gentoo, Graphicsmagick and 3 more | 6 Debian Linux, Linux, Graphicsmagick and 3 more | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. | |||||
| CVE-2005-0397 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications. | |||||
| CVE-2004-0827 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 14 Linux, Imlib, Imlib2 and 11 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||||
| CVE-2004-0817 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. | |||||
| CVE-2008-1096 | 1 Imagemagick | 2 Graphicsmagick, Imagemagick | 2017-09-29 | 6.8 MEDIUM | N/A |
| The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. | |||||
| CVE-2008-1097 | 1 Imagemagick | 2 Graphicsmagick, Imagemagick | 2017-09-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. | |||||
| CVE-2012-3437 | 1 Imagemagick | 1 Imagemagick | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. | |||||
| CVE-2014-9830 | 1 Imagemagick | 1 Imagemagick | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |||||
| CVE-2014-9831 | 1 Imagemagick | 1 Imagemagick | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |||||
| CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||||
| CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2017-08-08 | 6.8 MEDIUM | 8.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||||
| CVE-2017-11753 | 1 Imagemagick | 1 Imagemagick | 2017-08-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file. | |||||
| CVE-2017-11750 | 1 Imagemagick | 1 Imagemagick | 2017-08-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2017-11530 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2017-11527 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
| CVE-2017-11526 | 1 Imagemagick | 1 Imagemagick | 2017-07-28 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | |||||
| CVE-2016-7539 | 1 Imagemagick | 1 Imagemagick | 2017-07-27 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2017-11522 | 1 Imagemagick | 1 Imagemagick | 2017-07-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||||
| CVE-2016-9298 | 1 Imagemagick | 1 Imagemagick | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image. | |||||
| CVE-2016-6491 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2017-07-01 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | |||||
| CVE-2016-5010 | 1 Imagemagick | 1 Imagemagick | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. | |||||
| CVE-2016-7516 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. | |||||
| CVE-2014-9837 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | |||||
| CVE-2016-7513 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. | |||||
| CVE-2016-7514 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||||