Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Imagemagick Subscribe
Filtered by product Imagemagick

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 629 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9915 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.
CVE-2016-10046 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10047 1 Imagemagick 1 Imagemagick 2017-03-24 7.1 HIGH 5.5 MEDIUM
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
CVE-2016-10048 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2017-03-24 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVE-2014-9840 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVE-2014-9839 1 Imagemagick 1 Imagemagick 2017-03-24 5.0 MEDIUM 7.5 HIGH
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVE-2014-9838 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVE-2014-9834 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVE-2014-9835 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
CVE-2014-9832 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
CVE-2014-9833 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVE-2014-9836 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVE-2015-8894 1 Imagemagick 1 Imagemagick 2017-03-17 4.3 MEDIUM 5.5 MEDIUM
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
CVE-2016-10069 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2017-03-07 4.3 MEDIUM 5.5 MEDIUM
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVE-2016-10067 1 Imagemagick 1 Imagemagick 2017-03-07 5.0 MEDIUM 7.5 HIGH
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
CVE-2016-9773 1 Imagemagick 1 Imagemagick 2017-02-23 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVE-2016-8678 1 Imagemagick 1 Imagemagick 2017-02-22 4.3 MEDIUM 5.5 MEDIUM
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
CVE-2016-5687 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVE-2016-5688 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 6.8 MEDIUM 8.1 HIGH
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
CVE-2016-5689 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVE-2016-5691 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVE-2016-5690 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVE-2016-5841 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-15 7.5 HIGH 9.8 CRITICAL
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2003-0555 1 Imagemagick 1 Imagemagick 2016-10-18 7.5 HIGH N/A
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
CVE-2016-4562 1 Imagemagick 1 Imagemagick 2016-09-23 6.8 MEDIUM 8.8 HIGH
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2016-4563 1 Imagemagick 1 Imagemagick 2016-09-23 6.8 MEDIUM 8.8 HIGH
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2016-4564 1 Imagemagick 1 Imagemagick 2016-09-23 7.5 HIGH 9.8 CRITICAL
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2013-4298 1 Imagemagick 1 Imagemagick 2013-09-18 4.3 MEDIUM N/A
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
CVE-2005-3582 1 Imagemagick 1 Imagemagick 2011-03-08 7.2 HIGH N/A
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.