chainguard/imagemagick-6-dev

Vulnerabilities (53)

• CVE-2023-34475Jun 16, 2023
  affected < 0fixed 0

  A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in

• CVE-2023-34474Jun 16, 2023
  affected < 0fixed 0

  A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a deni

• CVE-2023-2157Jun 6, 2023
  affected < 0fixed 0

  A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

• CVE-2023-34153May 30, 2023
  affected < 0fixed 0

  A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

• CVE-2023-34152May 30, 2023
  affected < 0fixed 0

  A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

• CVE-2023-34151May 30, 2023
  affected < 0fixed 0

  A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

• CVE-2023-1289Mar 23, 2023
  affected < 0fixed 0

  A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," result

• CVE-2022-0284Aug 29, 2022
  affected < 0fixed 0

  A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can p

• CVE-2022-2719Aug 9, 2022
  affected < 0fixed 0

  In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

• CVE-2021-3596Feb 24, 2022
  affected < 0fixed 0

  A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentat

• CVE-2020-27769May 14, 2021
  affected < 0fixed 0

  In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.

• CVE-2021-20311May 11, 2021
  affected < 0fixed 0

  A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The h

• CVE-2021-20310May 11, 2021
  affected < 0fixed 0

  A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The high

• CVE-2021-20313May 11, 2021
  affected < 0fixed 0

  A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

• CVE-2021-20312May 11, 2021
  affected < 0fixed 0

  A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threa

• CVE-2020-27829Mar 26, 2021
  affected < 0fixed 0

  A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

• CVE-2021-20244Mar 9, 2021
  affected < 0fixed 0

  A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

• CVE-2021-20243Mar 9, 2021
  affected < 0fixed 0

  A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

• CVE-2020-27768Feb 23, 2021
  affected < 0fixed 0

  In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

• CVE-2020-25663Dec 8, 2020
  affected < 0fixed 0

  A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image fi