Imagemagick

Source repositories

https://github.com/imagemagick/imagemagick

CVEs (775)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2016-3714	ImageMagick Imagemagick	Hig	0.77	8.4	0.97	KEV	May 5, 2016	The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-5118	ImageMagick Imagemagick	Cri	0.68	9.8	0.50		Jun 10, 2016	The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename.
CVE-2016-5841	ImageMagick Imagemagick	Cri	0.65	9.8	0.13		Dec 13, 2016	Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2018-16329	ImageMagick Imagemagick	Cri	0.64	9.8	0.02		Sep 1, 2018	In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2018-16328	ImageMagick Imagemagick	Cri	0.64	9.8	0.02		Sep 1, 2018	In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2018-14551	ImageMagick Imagemagick	Cri	0.64	9.8	0.04		Jul 23, 2018	The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVE-2017-18211	ImageMagick Imagemagick	Cri	0.64	9.8	0.04		Mar 1, 2018	In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
CVE-2017-18210	ImageMagick Imagemagick	Cri	0.64	9.8	0.03		Mar 1, 2018	In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
CVE-2017-17499	ImageMagick Imagemagick	Cri	0.64	9.8	0.03		Dec 11, 2017	ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVE-2017-15032	ImageMagick Imagemagick	Cri	0.64	9.8	0.02		Oct 5, 2017	ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-14626	ImageMagick Imagemagick	Cri	0.64	9.8	0.03		Sep 21, 2017	ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVE-2017-14625	ImageMagick Imagemagick	Cri	0.64	9.8	0.03		Sep 21, 2017	ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVE-2017-14624	ImageMagick Imagemagick	Cri	0.64	9.8	0.03		Sep 21, 2017	ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVE-2017-14532	ImageMagick Imagemagick	Cri	0.64	9.8	0.03		Sep 18, 2017	ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVE-2017-14138	ImageMagick Imagemagick	Cri	0.64	9.8	0.02		Sep 4, 2017	ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVE-2017-13139	ImageMagick Imagemagick	Cri	0.64	9.8	0.04		Aug 23, 2017	In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2014-9826	ImageMagick Imagemagick	Cri	0.64	9.8	0.04		Mar 30, 2017	ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVE-2017-5511	ImageMagick Imagemagick	Cri	0.64	9.8	0.05		Mar 24, 2017	coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVE-2014-9847	ImageMagick Imagemagick	Cri	0.64	9.8	0.05		Mar 20, 2017	The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVE-2014-9846	ImageMagick Imagemagick	Cri	0.64	9.8	0.05		Mar 20, 2017	Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

CVE-2016-3714HigKEVMay 5, 2016
ImageMagick
Imagemagick
risk 0.77cvss 8.4epss 0.97
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2016-5118CriJun 10, 2016
ImageMagick
Imagemagick
risk 0.68cvss 9.8epss 0.50
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2016-5841CriDec 13, 2016
ImageMagick
Imagemagick
risk 0.65cvss 9.8epss 0.13
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2018-16329CriSep 1, 2018
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.02
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2018-16328CriSep 1, 2018
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.02
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2018-14551CriJul 23, 2018
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.04
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVE-2017-18211CriMar 1, 2018
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.04
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
CVE-2017-18210CriMar 1, 2018
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.03
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
CVE-2017-17499CriDec 11, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.03
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVE-2017-15032CriOct 5, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.02
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2017-14626CriSep 21, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVE-2017-14625CriSep 21, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVE-2017-14624CriSep 21, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVE-2017-14532CriSep 18, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVE-2017-14138CriSep 4, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.02
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVE-2017-13139CriAug 23, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.04
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2014-9826CriMar 30, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.04
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVE-2017-5511CriMar 24, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.05
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVE-2014-9847CriMar 20, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.05
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVE-2014-9846CriMar 20, 2017
ImageMagick
Imagemagick
risk 0.64cvss 9.8epss 0.05
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Page 1 of 39