rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server 12 SP1
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
Vulnerabilities (149)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5118 | Cri | 9.8 | < 6.8.8.1-25.1 | 6.8.8.1-25.1 | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |
| CVE-2016-4564 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Jun 4, 2016 | The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly | |
| CVE-2016-4563 | Hig | 8.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Jun 4, 2016 | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and applicat | |
| CVE-2016-4562 | Hig | 8.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Jun 4, 2016 | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have uns | |
| CVE-2016-3718 | Med | 5.5 | KEV | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
| CVE-2016-3717 | Med | 5.5 | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |
| CVE-2016-3716 | Low | 3.3 | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | |
| CVE-2016-3715 | Med | 5.5 | KEV | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. |
| CVE-2016-3714 | Hig | 8.4 | KEV | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." |
- affected < 6.8.8.1-25.1fixed 6.8.8.1-25.1
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and applicat
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have uns
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Page 8 of 8