rpm package
opensuse/ImageMagick&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed
Vulnerabilities (152)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1115 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Aug 29, 2022 | A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. | ||
| CVE-2022-0284 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Aug 29, 2022 | A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can p | ||
| CVE-2022-2719 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Aug 9, 2022 | In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. | ||
| CVE-2022-32547 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Jun 16, 2022 | In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to | ||
| CVE-2022-32546 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Jun 16, 2022 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined | ||
| CVE-2022-32545 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Jun 16, 2022 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined | ||
| CVE-2022-28463 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | May 8, 2022 | ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | ||
| CVE-2022-1114 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Apr 29, 2022 | A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial | ||
| CVE-2021-4219 | — | < 7.1.1.17-1.1 | 7.1.1.17-1.1 | Mar 23, 2022 | A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. | ||
| CVE-2021-20312 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | May 11, 2021 | A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threa | ||
| CVE-2021-20246 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Mar 9, 2021 | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-27755 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 8, 2020 | in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwi | ||
| CVE-2020-27750 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 8, 2020 | A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division | ||
| CVE-2020-25666 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 8, 2020 | There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. | ||
| CVE-2020-27775 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application | ||
| CVE-2020-27770 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 4, 2020 | Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects Image | ||
| CVE-2020-27765 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could | ||
| CVE-2020-27760 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 3, 2020 | In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciproc | ||
| CVE-2019-19949 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Dec 24, 2019 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | ||
| CVE-2019-16710 | — | < 7.1.0.9-1.1 | 7.1.0.9-1.1 | Sep 23, 2019 | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. |
- CVE-2022-1115Aug 29, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
- CVE-2022-0284Aug 29, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can p
- CVE-2022-2719Aug 9, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
- CVE-2022-32547Jun 16, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to
- CVE-2022-32546Jun 16, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined
- CVE-2022-32545Jun 16, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined
- CVE-2022-28463May 8, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
- CVE-2022-1114Apr 29, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial
- CVE-2021-4219Mar 23, 2022affected < 7.1.1.17-1.1fixed 7.1.1.17-1.1
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
- CVE-2021-20312May 11, 2021affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threa
- CVE-2021-20246Mar 9, 2021affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
- CVE-2020-27755Dec 8, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwi
- CVE-2020-27750Dec 8, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division
- CVE-2020-25666Dec 8, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`.
- CVE-2020-27775Dec 4, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application
- CVE-2020-27770Dec 4, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects Image
- CVE-2020-27765Dec 4, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could
- CVE-2020-27760Dec 3, 2020affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciproc
- CVE-2019-19949Dec 24, 2019affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
- CVE-2019-16710Sep 23, 2019affected < 7.1.0.9-1.1fixed 7.1.0.9-1.1
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
Page 6 of 8