rpm package
suse/ImageMagick&distro=SUSE Linux Enterprise Module for Development Tools 15 SP2
pkg:rpm/suse/ImageMagick&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27769 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | May 14, 2021 | In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. | ||
| CVE-2021-20311 | — | < 7.0.7.34-10.15.1 | 7.0.7.34-10.15.1 | May 11, 2021 | A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The h | ||
| CVE-2021-20313 | — | < 7.0.7.34-10.15.1 | 7.0.7.34-10.15.1 | May 11, 2021 | A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. | ||
| CVE-2021-20312 | — | < 7.0.7.34-10.15.1 | 7.0.7.34-10.15.1 | May 11, 2021 | A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threa | ||
| CVE-2021-20309 | — | < 7.0.7.34-10.15.1 | 7.0.7.34-10.15.1 | May 11, 2021 | A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this | ||
| CVE-2021-20246 | — | < 7.0.7.34-10.12.1 | 7.0.7.34-10.12.1 | Mar 9, 2021 | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20244 | — | < 7.0.7.34-10.12.1 | 7.0.7.34-10.12.1 | Mar 9, 2021 | A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20243 | — | < 7.0.7.34-10.12.1 | 7.0.7.34-10.12.1 | Mar 9, 2021 | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-20241 | — | < 7.0.7.34-10.12.1 | 7.0.7.34-10.12.1 | Mar 9, 2021 | A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | ||
| CVE-2020-27768 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Feb 23, 2021 | In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. | ||
| CVE-2021-20176 | — | < 7.0.7.34-10.18.1 | 7.0.7.34-10.18.1 | Feb 5, 2021 | A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to sys | ||
| CVE-2020-27755 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwi | ||
| CVE-2020-27753 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was origin | ||
| CVE-2020-27752 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an im | ||
| CVE-2020-25664 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attack | ||
| CVE-2020-27758 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application | ||
| CVE-2020-27757 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is | ||
| CVE-2020-27756 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. | ||
| CVE-2020-27754 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which | ||
| CVE-2020-27751 | — | < 7.0.7.34-10.9.1 | 7.0.7.34-10.9.1 | Dec 8, 2020 | A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too la |
- CVE-2020-27769May 14, 2021affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
- CVE-2021-20311May 11, 2021affected < 7.0.7.34-10.15.1fixed 7.0.7.34-10.15.1
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The h
- CVE-2021-20313May 11, 2021affected < 7.0.7.34-10.15.1fixed 7.0.7.34-10.15.1
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
- CVE-2021-20312May 11, 2021affected < 7.0.7.34-10.15.1fixed 7.0.7.34-10.15.1
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threa
- CVE-2021-20309May 11, 2021affected < 7.0.7.34-10.15.1fixed 7.0.7.34-10.15.1
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this
- CVE-2021-20246Mar 9, 2021affected < 7.0.7.34-10.12.1fixed 7.0.7.34-10.12.1
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
- CVE-2021-20244Mar 9, 2021affected < 7.0.7.34-10.12.1fixed 7.0.7.34-10.12.1
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
- CVE-2021-20243Mar 9, 2021affected < 7.0.7.34-10.12.1fixed 7.0.7.34-10.12.1
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
- CVE-2021-20241Mar 9, 2021affected < 7.0.7.34-10.12.1fixed 7.0.7.34-10.12.1
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
- CVE-2020-27768Feb 23, 2021affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.
- CVE-2021-20176Feb 5, 2021affected < 7.0.7.34-10.18.1fixed 7.0.7.34-10.18.1
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to sys
- CVE-2020-27755Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwi
- CVE-2020-27753Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was origin
- CVE-2020-27752Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an im
- CVE-2020-25664Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attack
- CVE-2020-27758Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application
- CVE-2020-27757Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is
- CVE-2020-27756Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability.
- CVE-2020-27754Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which
- CVE-2020-27751Dec 8, 2020affected < 7.0.7.34-10.9.1fixed 7.0.7.34-10.9.1
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too la
Page 1 of 3