Search
Total
629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8862 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |||||
| CVE-2017-11449 | 1 Imagemagick | 1 Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | |||||
| CVE-2019-17541 | 1 Imagemagick | 1 Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | |||||
| CVE-2016-8677 | 3 Debian, Imagemagick, Opensuse | 3 Debian Linux, Imagemagick, Opensuse | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | |||||
| CVE-2019-17540 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | |||||
| CVE-2017-11450 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | |||||
| CVE-2016-6520 | 1 Imagemagick | 1 Imagemagick | 2021-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |||||
| CVE-2020-27829 | 1 Imagemagick | 1 Imagemagick | 2021-03-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. | |||||
| CVE-2020-29599 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-29 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. | |||||
| CVE-2020-27764 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 3.3 LOW |
| In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. | |||||
| CVE-2020-27754 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 3.3 LOW |
| In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. | |||||
| CVE-2020-27768 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 3.3 LOW |
| In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2021-20246 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2021-03-25 | 7.1 HIGH | 5.5 MEDIUM |
| A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20244 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2021-03-25 | 7.1 HIGH | 5.5 MEDIUM |
| A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20241 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2017-14528 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | |||||
| CVE-2020-19667 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-02-24 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. | |||||
| CVE-2016-10049 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | |||||
| CVE-2015-8959 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 7.1 HIGH | 6.5 MEDIUM |
| coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | |||||
| CVE-2016-10050 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | |||||
| CVE-2016-10051 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10052 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10053 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||||
| CVE-2016-10054 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10055 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10056 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10057 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10058 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 7.1 HIGH | 5.5 MEDIUM |
| Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | |||||
| CVE-2016-10063 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. | |||||
| CVE-2016-10064 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-10070 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
| CVE-2016-10071 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
| CVE-2016-7526 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||||
| CVE-2016-7527 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7528 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. | |||||
| CVE-2016-7537 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. | |||||
| CVE-2016-7536 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | |||||
| CVE-2017-17499 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-28 | 7.5 HIGH | 9.8 CRITICAL |
| ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |||||
| CVE-2017-5509 | 1 Imagemagick | 1 Imagemagick | 2020-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | |||||
| CVE-2017-5510 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | |||||
| CVE-2017-14174 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-23 | 7.1 HIGH | 6.5 MEDIUM |
| In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-16546 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-22 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | |||||
| CVE-2017-9144 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | |||||
| CVE-2017-9143 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | |||||
| CVE-2017-9141 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | |||||
| CVE-2017-9142 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||||
| CVE-2017-5507 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. | |||||
| CVE-2017-5506 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 6.8 MEDIUM | 7.8 HIGH |
| Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. | |||||
| CVE-2017-14341 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-15 | 7.1 HIGH | 6.5 MEDIUM |
| ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | |||||
| CVE-2017-14173 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | |||||