VYPR

rpm package

suse/ImageMagick&distro=SUSE Linux Enterprise Server 11 SP4

pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Vulnerabilities (332)

  • CVE-2016-5689CriDec 13, 2016
    affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1

    The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.

  • CVE-2016-5688HigDec 13, 2016
    affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1

    The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu

  • CVE-2016-5687CriDec 13, 2016
    affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1

    The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.

  • CVE-2016-5118CriJun 10, 2016
    affected < 6.4.3.6-7.40.1fixed 6.4.3.6-7.40.1

    The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

  • CVE-2016-4564CriJun 4, 2016
    affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1

    The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly

  • CVE-2016-4563HigJun 4, 2016
    affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1

    The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and applicat

  • CVE-2016-4562HigJun 4, 2016
    affected < 6.4.3.6-7.45.1fixed 6.4.3.6-7.45.1

    The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have uns

  • CVE-2016-3718MedKEVMay 5, 2016
    affected < 6.4.3.6-7.34.1fixed 6.4.3.6-7.34.1

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3717MedMay 5, 2016
    affected < 6.4.3.6-7.34.1fixed 6.4.3.6-7.34.1

    The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.

  • CVE-2016-3716LowMay 5, 2016
    affected < 6.4.3.6-7.34.1fixed 6.4.3.6-7.34.1

    The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    affected < 6.4.3.6-7.34.1fixed 6.4.3.6-7.34.1

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2016-3714HigKEVMay 5, 2016
    affected < 6.4.3.6-7.34.1fixed 6.4.3.6-7.34.1

    The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Page 17 of 17