Imagemagick
by ImageMagick
CVEs (775)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12599 | | Hig | 0.57 | 8.8 | 0.03 | | Jun 20, 2018 | In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. |
| CVE-2018-11625 | | Hig | 0.57 | 8.8 | 0.02 | | May 31, 2018 | In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. |
| CVE-2018-11624 | | Hig | 0.57 | 8.8 | 0.02 | | May 31, 2018 | In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. |
| CVE-2018-9135 | | Hig | 0.57 | 8.8 | 0.02 | | Mar 30, 2018 | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. |
| CVE-2017-18209 | | Hig | 0.57 | 8.8 | 0.03 | | Mar 1, 2018 | In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. |
| CVE-2018-5248 | | Hig | 0.57 | 8.8 | 0.04 | | Jan 5, 2018 | In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. |
| CVE-2017-17880 | | Hig | 0.57 | 8.8 | 0.01 | | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. |
| CVE-2017-17879 | | Hig | 0.57 | 8.8 | 0.03 | | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. |
| CVE-2017-16546 | | Hig | 0.57 | 8.8 | 0.02 | | Nov 5, 2017 | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other… |
| CVE-2017-15281 | | Hig | 0.57 | 8.8 | 0.03 | | Oct 12, 2017 | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." |
| CVE-2017-15017 | | Hig | 0.57 | 8.8 | 0.02 | | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. |
| CVE-2017-15016 | | Hig | 0.57 | 8.8 | 0.02 | | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. |
| CVE-2017-15015 | | Hig | 0.57 | 8.8 | 0.01 | | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. |
| CVE-2017-14682 | | Hig | 0.57 | 8.8 | 0.02 | | Sep 21, 2017 | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. |
| CVE-2017-13146 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 23, 2017 | In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. |
| CVE-2017-12983 | | Hig | 0.57 | 8.8 | 0.02 | | Aug 21, 2017 | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
| CVE-2017-12669 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. |
| CVE-2017-12668 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. |
| CVE-2017-12667 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 7, 2017 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. |
| CVE-2017-12666 | | Hig | 0.57 | 8.8 | 0.02 | | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. |