rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (162)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7799 | Med | 6.5 | < 6.8.8.1-40.1 | 6.8.8.1-40.1 | Jan 18, 2017 | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |
| CVE-2016-7101 | Med | 6.5 | < 6.8.8.1-40.1 | 6.8.8.1-40.1 | Jan 18, 2017 | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | |
| CVE-2016-6823 | Hig | 7.5 | < 6.8.8.1-40.1 | 6.8.8.1-40.1 | Jan 18, 2017 | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. | |
| CVE-2016-8707 | Hig | 7.8 | < 6.8.8.1-54.1 | 6.8.8.1-54.1 | Dec 23, 2016 | An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can | |
| CVE-2016-6520 | Cri | 9.1 | < 6.8.8.1-33.1 | 6.8.8.1-33.1 | Dec 13, 2016 | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |
| CVE-2016-6491 | Hig | 8.8 | < 6.8.8.1-33.1 | 6.8.8.1-33.1 | Dec 13, 2016 | Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | |
| CVE-2016-5842 | Hig | 7.5 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | |
| CVE-2016-5841 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | |
| CVE-2016-5691 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |
| CVE-2016-5690 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. | |
| CVE-2016-5689 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | |
| CVE-2016-5688 | Hig | 8.1 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu | |
| CVE-2016-5687 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Dec 13, 2016 | The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | |
| CVE-2016-5118 | Cri | 9.8 | < 6.8.8.1-25.1 | 6.8.8.1-25.1 | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |
| CVE-2016-4564 | Cri | 9.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Jun 4, 2016 | The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly | |
| CVE-2016-4563 | Hig | 8.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Jun 4, 2016 | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and applicat | |
| CVE-2016-4562 | Hig | 8.8 | < 6.8.8.1-30.2 | 6.8.8.1-30.2 | Jun 4, 2016 | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have uns | |
| CVE-2016-3718 | Med | 5.5 | KEV | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. |
| CVE-2016-3717 | Med | 5.5 | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | |
| CVE-2016-3716 | Low | 3.3 | < 6.8.8.1-19.1 | 6.8.8.1-19.1 | May 5, 2016 | The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. |
- affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
- affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
- affected < 6.8.8.1-40.1fixed 6.8.8.1-40.1
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
- affected < 6.8.8.1-54.1fixed 6.8.8.1-54.1
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can
- affected < 6.8.8.1-33.1fixed 6.8.8.1-33.1
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
- affected < 6.8.8.1-33.1fixed 6.8.8.1-33.1
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex fu
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
- affected < 6.8.8.1-25.1fixed 6.8.8.1-25.1
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and applicat
- affected < 6.8.8.1-30.2fixed 6.8.8.1-30.2
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have uns
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
- affected < 6.8.8.1-19.1fixed 6.8.8.1-19.1
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
Page 8 of 9