rpm package
opensuse/ImageMagick&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ImageMagick&distro=openSUSE%20Tumbleweed
Vulnerabilities (152)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3715 | Med | 5.5 | KEV | < 6.9.6.6-1.1 | 6.9.6.6-1.1 | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. |
| CVE-2016-3714 | Hig | 8.4 | KEV | < 6.9.6.6-1.1 | 6.9.6.6-1.1 | May 5, 2016 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." |
| CVE-2012-1186 | Med | 5.5 | < 6.9.6.6-1.1 | 6.9.6.6-1.1 | Jun 5, 2012 | Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fi | |
| CVE-2012-1185 | Hig | 7.8 | < 6.9.6.6-1.1 | 6.9.6.6-1.1 | Jun 5, 2012 | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF | |
| CVE-2012-0248 | Med | 5.5 | < 6.9.6.6-1.1 | 6.9.6.6-1.1 | Jun 5, 2012 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | |
| CVE-2012-0247 | Hig | 8.8 | < 6.9.6.6-1.1 | 6.9.6.6-1.1 | Jun 5, 2012 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | |
| CVE-2007-4987 | — | < 7.1.0.8-1.2 | 7.1.0.8-1.2 | Sep 24, 2007 | Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. | ||
| CVE-2007-4985 | — | < 7.1.0.8-1.2 | 7.1.0.8-1.2 | Sep 24, 2007 | ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, relat | ||
| CVE-2007-1797 | — | < 7.1.0.8-1.2 | 7.1.0.8-1.2 | Apr 2, 2007 | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which re | ||
| CVE-2006-5456 | — | < 7.1.0.8-1.2 | 7.1.0.8-1.2 | Oct 23, 2006 | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PA | ||
| CVE-2006-0082 | — | < 7.1.0.8-1.2 | 7.1.0.8-1.2 | Jan 4, 2006 | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as | ||
| CVE-2005-4601 | — | < 7.1.0.8-1.2 | 7.1.0.8-1.2 | Dec 31, 2005 | The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. |
- affected < 6.9.6.6-1.1fixed 6.9.6.6-1.1
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- affected < 6.9.6.6-1.1fixed 6.9.6.6-1.1
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
- affected < 6.9.6.6-1.1fixed 6.9.6.6-1.1
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fi
- affected < 6.9.6.6-1.1fixed 6.9.6.6-1.1
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF
- affected < 6.9.6.6-1.1fixed 6.9.6.6-1.1
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
- affected < 6.9.6.6-1.1fixed 6.9.6.6-1.1
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
- CVE-2007-4987Sep 24, 2007affected < 7.1.0.8-1.2fixed 7.1.0.8-1.2
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
- CVE-2007-4985Sep 24, 2007affected < 7.1.0.8-1.2fixed 7.1.0.8-1.2
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, relat
- CVE-2007-1797Apr 2, 2007affected < 7.1.0.8-1.2fixed 7.1.0.8-1.2
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which re
- CVE-2006-5456Oct 23, 2006affected < 7.1.0.8-1.2fixed 7.1.0.8-1.2
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PA
- CVE-2006-0082Jan 4, 2006affected < 7.1.0.8-1.2fixed 7.1.0.8-1.2
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as
- CVE-2005-4601Dec 31, 2005affected < 7.1.0.8-1.2fixed 7.1.0.8-1.2
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
Page 8 of 8