VYPR

Imagemagick

by ImageMagick

Source repositories

CVEs (781)

  • CVE-2020-27765Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could…

  • CVE-2020-27775Dec 4, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to…

  • CVE-2020-27770Dec 4, 2020
    risk 0.00cvss epss 0.01

    Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects…

  • CVE-2020-27759Dec 3, 2020
    risk 0.00cvss epss 0.01

    In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by…

  • CVE-2020-27762Dec 3, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application…

  • CVE-2020-27760Dec 3, 2020
    risk 0.00cvss epss 0.01

    In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the…

  • CVE-2020-27764Dec 3, 2020
    risk 0.00cvss epss 0.01

    In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked…

  • CVE-2020-27761Dec 3, 2020
    risk 0.00cvss epss 0.01

    WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t`…

  • CVE-2020-27763Dec 3, 2020
    risk 0.00cvss epss 0.01

    A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could…

  • CVE-2020-19667Nov 20, 2020
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.

  • CVE-2020-27560Oct 22, 2020
    risk 0.00cvss epss 0.01

    ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

  • CVE-2020-13902Jun 7, 2020
    risk 0.00cvss epss 0.01

    ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

  • CVE-2020-10251Mar 10, 2020
    risk 0.00cvss epss 0.01

    In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.

  • CVE-2014-1958Feb 6, 2020
    risk 0.00cvss epss 0.04

    Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

  • CVE-2016-7524Feb 6, 2020
    risk 0.00cvss epss 0.02

    coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

  • CVE-2016-7523Feb 6, 2020
    risk 0.00cvss epss 0.03

    coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

  • CVE-2019-19948Dec 24, 2019
    risk 0.00cvss epss 0.04

    In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.

  • CVE-2019-19952Dec 24, 2019
    risk 0.00cvss epss 0.02

    In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.

  • CVE-2019-19949Dec 24, 2019
    risk 0.00cvss epss 0.03

    In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.

  • CVE-2014-8561Dec 15, 2019
    risk 0.00cvss epss 0.02

    imagemagick 6.8.9.6 has remote DOS via infinite loop

Page 34 of 40