rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (332)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8901 | Med | 6.5 | < 6.4.3.6-7.45.1 | 6.4.3.6-7.45.1 | Feb 27, 2017 | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | |
| CVE-2016-9773 | Med | 5.5 | < 6.4.3.6-7.60.1 | 6.4.3.6-7.60.1 | Feb 17, 2017 | Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for | |
| CVE-2016-8866 | Hig | 8.8 | < 6.4.3.6-7.60.1 | 6.4.3.6-7.60.1 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE- | |
| CVE-2016-8862 | Hig | 8.8 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |
| CVE-2016-8684 | Hig | 7.8 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Feb 15, 2017 | The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |
| CVE-2016-8683 | Hig | 7.8 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Feb 15, 2017 | The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file." | |
| CVE-2016-8682 | Hig | 7.5 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Feb 15, 2017 | The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. | |
| CVE-2016-7800 | Hig | 7.5 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Feb 6, 2017 | Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | |
| CVE-2016-7997 | Hig | 7.5 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Jan 18, 2017 | The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |
| CVE-2016-7996 | Cri | 9.8 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Jan 18, 2017 | Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. | |
| CVE-2016-7799 | Med | 6.5 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Jan 18, 2017 | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |
| CVE-2016-7101 | Med | 6.5 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Jan 18, 2017 | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |
| CVE-2016-6823 | Hig | 7.5 | < 6.4.3.6-7.54.1 | 6.4.3.6-7.54.1 | Jan 18, 2017 | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. | |
| CVE-2016-8707 | Hig | 7.8 | < 6.4.3.6-7.60.1 | 6.4.3.6-7.60.1 | Dec 23, 2016 | An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can | |
| CVE-2016-6520 | Cri | 9.1 | < 6.4.3.6-7.48.1 | 6.4.3.6-7.48.1 | Dec 13, 2016 | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |
| CVE-2016-6491 | Hig | 8.8 | < 6.4.3.6-7.48.1 | 6.4.3.6-7.48.1 | Dec 13, 2016 | Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | |
| CVE-2016-5842 | Hig | 7.5 | < 6.4.3.6-7.45.1 | 6.4.3.6-7.45.1 | Dec 13, 2016 | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | |
| CVE-2016-5841 | Cri | 9.8 | < 6.4.3.6-7.45.1 | 6.4.3.6-7.45.1 | Dec 13, 2016 | Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | |
| CVE-2016-5691 | Cri | 9.8 | < 6.4.3.6-7.45.1 | 6.4.3.6-7.45.1 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |
| CVE-2016-5690 | Cri | 9.8 | < 6.4.3.6-7.45.1 | 6.4.3.6-7.45.1 | Dec 13, 2016 | The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. |
- affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
- affected < 6.4.3.6-7.60.1fixed 6.4.3.6-7.60.1
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for
- affected < 6.4.3.6-7.60.1fixed 6.4.3.6-7.60.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
- affected < 6.4.3.6-7.54.1fixed 6.4.3.6-7.54.1
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
- affected < 6.4.3.6-7.60.1fixed 6.4.3.6-7.60.1
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can
- affected < 6.4.3.6-7.48.1fixed 6.4.3.6-7.48.1
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
- affected < 6.4.3.6-7.48.1fixed 6.4.3.6-7.48.1
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
- affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
- affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
- affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
- affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
Page 16 of 17