VYPR

Imagemagick

by ImageMagick

Source repositories

CVEs (781)

  • CVE-2020-25664Dec 8, 2020
    risk 0.00cvss epss 0.01

    In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An…

  • CVE-2020-25663Dec 8, 2020
    risk 0.00cvss epss 0.01

    A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image…

  • CVE-2020-27756Dec 8, 2020
    risk 0.00cvss epss 0.01

    In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application…

  • CVE-2020-25665Dec 8, 2020
    risk 0.00cvss epss 0.01

    The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to…

  • CVE-2020-25666Dec 8, 2020
    risk 0.00cvss epss 0.01

    There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`.…

  • CVE-2020-25674Dec 8, 2020
    risk 0.00cvss epss 0.01

    WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will…

  • CVE-2020-27754Dec 8, 2020
    risk 0.00cvss epss 0.01

    In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function,…

  • CVE-2020-27751Dec 8, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too…

  • CVE-2020-27750Dec 8, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division…

  • CVE-2020-25675Dec 8, 2020
    risk 0.00cvss epss 0.01

    In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such…

  • CVE-2020-27757Dec 8, 2020
    risk 0.00cvss epss 0.01

    A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is…

  • CVE-2020-27758Dec 8, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application…

  • CVE-2020-25676Dec 8, 2020
    risk 0.00cvss epss 0.01

    In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function.…

  • CVE-2020-27776Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to…

  • CVE-2020-27766Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to…

  • CVE-2020-27773Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead…

  • CVE-2020-27771Dec 4, 2020
    risk 0.00cvss epss 0.01

    In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This…

  • CVE-2020-27772Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application…

  • CVE-2020-27774Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application…

  • CVE-2020-27767Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an…

Page 33 of 40