VYPR

apk package

chainguard/imagemagick-6

pkg:apk/chainguard/imagemagick-6

Vulnerabilities (56)

  • CVE-2021-20243Mar 9, 2021
    affected < 0fixed 0

    A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

  • CVE-2020-27768Feb 23, 2021
    affected < 0fixed 0

    In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

  • CVE-2020-25663Dec 8, 2020
    affected < 0fixed 0

    A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image fi

  • CVE-2019-17547Oct 14, 2019
    affected < 0fixed 0

    In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.

  • CVE-2019-13136Jul 1, 2019
    affected < 0fixed 0

    ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.

  • CVE-2018-16329Sep 1, 2018
    affected < 0fixed 0

    In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.

  • CVE-2018-16328Sep 1, 2018
    affected < 0fixed 0

    In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.

  • CVE-2017-11447MedJul 19, 2017
    affected < 0fixed 0

    The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.

  • CVE-2016-7538MedApr 20, 2017
    affected < 0fixed 0

    coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

  • CVE-2016-7514MedApr 20, 2017
    affected < 0fixed 0

    The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.

  • CVE-2016-7531MedApr 19, 2017
    affected < 0fixed 0

    MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.

  • CVE-2014-9826CriMar 30, 2017
    affected < 0fixed 0

    ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.

  • CVE-2017-5506HigMar 24, 2017
    affected < 0fixed 0

    Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2016-10062MedMar 2, 2017
    affected < 0fixed 0

    The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

  • CVE-2016-5841CriDec 13, 2016
    affected < 0fixed 0

    Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.

  • CVE-2016-5118CriJun 10, 2016
    affected < 0fixed 0

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Page 3 of 3