rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server 12 SP1
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
Vulnerabilities (149)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8895 | Hig | 7.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Mar 15, 2017 | Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. | |
| CVE-2015-8894 | Med | 5.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Mar 15, 2017 | Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | |
| CVE-2016-10070 | Med | 5.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 3, 2017 | Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |
| CVE-2016-10065 | Hig | 7.8 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 3, 2017 | The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |
| CVE-2016-10061 | Med | 6.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 3, 2017 | The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file. | |
| CVE-2016-10071 | Med | 5.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |
| CVE-2016-10069 | Med | 5.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | |
| CVE-2016-10068 | Med | 5.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | |
| CVE-2016-10064 | Hig | 7.8 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |
| CVE-2016-10063 | Hig | 7.8 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. | |
| CVE-2016-10062 | Med | 5.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |
| CVE-2016-10060 | Med | 6.5 | < 6.8.8.1-59.1 | 6.8.8.1-59.1 | Mar 2, 2017 | The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |
| CVE-2016-9559 | Med | 6.5 | < 6.8.8.1-54.1 | 6.8.8.1-54.1 | Mar 1, 2017 | coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. | |
| CVE-2015-8903 | Med | 6.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Feb 27, 2017 | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | |
| CVE-2015-8902 | Med | 6.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Feb 27, 2017 | The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | |
| CVE-2015-8901 | Med | 6.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Feb 27, 2017 | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | |
| CVE-2015-8900 | Med | 5.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Feb 27, 2017 | The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. | |
| CVE-2016-9773 | Med | 5.5 | < 6.8.8.1-54.1 | 6.8.8.1-54.1 | Feb 17, 2017 | Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for | |
| CVE-2016-8677 | Hig | 8.8 | < 6.8.8.1-40.1 | 6.8.8.1-40.1 | Feb 15, 2017 | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | |
| CVE-2016-8866 | Hig | 8.8 | < 6.8.8.1-54.1 | 6.8.8.1-54.1 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE- |
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
- affected < 6.8.8.1-59.1fixed 6.8.8.1-59.1
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
- affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
- affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for
- affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
- affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-
Page 6 of 8