VYPR

Imagemagick

by ImageMagick

Source repositories

CVEs (781)

  • CVE-2017-14173MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted…

  • CVE-2017-14172MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the…

  • CVE-2017-14139MedSep 4, 2017
    risk 0.42cvss 6.5epss 0.01

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.

  • CVE-2017-12693MedSep 1, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.

  • CVE-2017-12692MedSep 1, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.

  • CVE-2017-12691MedSep 1, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-14060MedAug 31, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a…

  • CVE-2017-13769MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.01

    The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.

  • CVE-2017-13768MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

  • CVE-2017-13758MedAug 29, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.

  • CVE-2017-12875MedAug 29, 2017
    risk 0.42cvss 6.5epss 0.02

    The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.

  • CVE-2017-12877MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.02

    Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-12876MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.03

    Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-13658MedAug 24, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.

  • CVE-2017-13145MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

  • CVE-2017-13144MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.

  • CVE-2017-13142MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.

  • CVE-2017-13141MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.

  • CVE-2017-13140MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.

  • CVE-2017-13134MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.

Page 13 of 40