rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (49)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27775 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application | ||
| CVE-2020-27774 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application | ||
| CVE-2020-27773 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead t | ||
| CVE-2020-27772 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availa | ||
| CVE-2020-27771 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefin | ||
| CVE-2020-27770 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects Image | ||
| CVE-2020-27767 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact | ||
| CVE-2020-27766 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to applica | ||
| CVE-2020-27765 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 4, 2020 | A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could | ||
| CVE-2020-27764 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 3, 2020 | In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked thi | ||
| CVE-2020-27763 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 3, 2020 | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could p | ||
| CVE-2020-27762 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 3, 2020 | A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application avail | ||
| CVE-2020-27761 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 3, 2020 | WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instea | ||
| CVE-2020-27760 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 3, 2020 | In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciproc | ||
| CVE-2020-27759 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Dec 3, 2020 | In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by | ||
| CVE-2020-19667 | — | < 6.8.8.1-71.154.1 | 6.8.8.1-71.154.1 | Nov 20, 2020 | Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. | ||
| CVE-2019-11009 | — | < 6.8.8.1-71.108.1 | 6.8.8.1-71.108.1 | Apr 8, 2019 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file. | ||
| CVE-2019-11008 | — | < 6.8.8.1-71.108.1 | 6.8.8.1-71.108.1 | Apr 8, 2019 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | ||
| CVE-2019-11007 | — | < 6.8.8.1-71.108.1 | 6.8.8.1-71.108.1 | Apr 8, 2019 | In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. | ||
| CVE-2019-10650 | — | < 6.8.8.1-71.108.1 | 6.8.8.1-71.108.1 | Mar 30, 2019 | In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. |
- CVE-2020-27775Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application
- CVE-2020-27774Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application
- CVE-2020-27773Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead t
- CVE-2020-27772Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availa
- CVE-2020-27771Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefin
- CVE-2020-27770Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects Image
- CVE-2020-27767Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact
- CVE-2020-27766Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to applica
- CVE-2020-27765Dec 4, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could
- CVE-2020-27764Dec 3, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked thi
- CVE-2020-27763Dec 3, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could p
- CVE-2020-27762Dec 3, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application avail
- CVE-2020-27761Dec 3, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instea
- CVE-2020-27760Dec 3, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciproc
- CVE-2020-27759Dec 3, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by
- CVE-2020-19667Nov 20, 2020affected < 6.8.8.1-71.154.1fixed 6.8.8.1-71.154.1
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
- CVE-2019-11009Apr 8, 2019affected < 6.8.8.1-71.108.1fixed 6.8.8.1-71.108.1
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
- CVE-2019-11008Apr 8, 2019affected < 6.8.8.1-71.108.1fixed 6.8.8.1-71.108.1
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
- CVE-2019-11007Apr 8, 2019affected < 6.8.8.1-71.108.1fixed 6.8.8.1-71.108.1
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
- CVE-2019-10650Mar 30, 2019affected < 6.8.8.1-71.108.1fixed 6.8.8.1-71.108.1
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
Page 2 of 3