apk package

chainguard/imagemagick-6-static

pkg:apk/chainguard/imagemagick-6-static

Vulnerabilities (53)

CVE	Sev	CVSS	Affected versions	Published	Description
CVE-2019-17547		—	< 0	Oct 14, 2019	In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-13136		—	< 0	Jul 1, 2019	ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
CVE-2018-16329		—	< 0	Sep 1, 2018	In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2018-16328		—	< 0	Sep 1, 2018	In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2017-11447	Med	6.5	< 0	Jul 19, 2017	The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVE-2016-7538	Med	6.5	< 0	Apr 20, 2017	coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2016-7514	Med	6.5	< 0	Apr 20, 2017	The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7531	Med	6.5	< 0	Apr 19, 2017	MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
CVE-2014-9826	Cri	9.8	< 0	Mar 30, 2017	ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVE-2017-5506	Hig	7.8	< 0	Mar 24, 2017	Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVE-2016-10062	Med	5.5	< 0	Mar 2, 2017	The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-5841	Cri	9.8	< 0	Dec 13, 2016	Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2016-5118	Cri	9.8	< 0	Jun 10, 2016	The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename.

CVE-2019-17547Oct 14, 2019
affected < 0fixed 0
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-13136Jul 1, 2019
affected < 0fixed 0
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
CVE-2018-16329Sep 1, 2018
affected < 0fixed 0
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2018-16328Sep 1, 2018
affected < 0fixed 0
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2017-11447MedJul 19, 2017
affected < 0fixed 0
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVE-2016-7538MedApr 20, 2017
affected < 0fixed 0
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2016-7514MedApr 20, 2017
affected < 0fixed 0
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7531MedApr 19, 2017
affected < 0fixed 0
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
CVE-2014-9826CriMar 30, 2017
affected < 0fixed 0
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVE-2017-5506HigMar 24, 2017
affected < 0fixed 0
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVE-2016-10062MedMar 2, 2017
affected < 0fixed 0
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-5841CriDec 13, 2016
affected < 0fixed 0
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2016-5118CriJun 10, 2016
affected < 0fixed 0
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Page 3 of 3