VYPR

Imagemagick

by ImageMagick

Source repositories

CVEs (781)

  • CVE-2021-3962Nov 19, 2021
    risk 0.00cvss epss 0.06

    A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest…

  • CVE-2021-39212Sep 13, 2021
    risk 0.00cvss epss 0.00

    ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when…

  • CVE-2020-27769May 14, 2021
    risk 0.00cvss epss 0.01

    In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.

  • CVE-2021-20311May 11, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The…

  • CVE-2021-20310May 11, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The…

  • CVE-2021-20309May 11, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this…

  • CVE-2021-20312May 11, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest…

  • CVE-2021-20313May 11, 2021
    risk 0.00cvss epss 0.02

    A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.

  • CVE-2020-27829Mar 26, 2021
    risk 0.00cvss epss 0.01

    A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

  • CVE-2021-20246Mar 9, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20243Mar 9, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20245Mar 9, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20244Mar 9, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

  • CVE-2021-20241Mar 9, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

  • CVE-2020-27768Feb 23, 2021
    risk 0.00cvss epss 0.01

    In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

  • CVE-2021-20176Feb 5, 2021
    risk 0.00cvss epss 0.01

    A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to…

  • CVE-2020-27755Dec 8, 2020
    risk 0.00cvss epss 0.01

    in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before…

  • CVE-2020-27753Dec 8, 2020
    risk 0.00cvss epss 0.01

    There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was…

  • CVE-2020-27752Dec 8, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an…

  • CVE-2020-25667Dec 8, 2020
    risk 0.00cvss epss 0.01

    TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type…

Page 32 of 40