Imagemagick
by ImageMagick
Source repositories
CVEs (775)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8677 | Hig | 0.57 | 8.8 | 0.04 | Feb 15, 2017 | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | ||
| CVE-2016-4563 | Hig | 0.57 | 8.8 | 0.03 | Jun 4, 2016 | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and… | ||
| CVE-2016-4562 | Hig | 0.57 | 8.8 | 0.03 | Jun 4, 2016 | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have… | ||
| CVE-2016-3718 | Med | 0.57 | 5.5 | 0.77 | KEV | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | |
| CVE-2016-3715 | Med | 0.57 | 5.5 | 0.75 | KEV | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |
| CVE-2017-14607 | Hig | 0.53 | 8.1 | 0.02 | Sep 20, 2017 | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | ||
| CVE-2016-5688 | Hig | 0.53 | 8.1 | 0.05 | Dec 13, 2016 | The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex… | ||
| CVE-2012-1185 | Hig | 0.53 | 7.8 | 0.31 | Jun 5, 2012 | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF… | ||
| CVE-2026-46522 | Hig | 0.52 | 7.5 | 0.01 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and… | ||
| CVE-2014-9825 | Hig | 0.51 | 7.8 | 0.01 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. | ||
| CVE-2014-9824 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. | ||
| CVE-2014-9823 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. | ||
| CVE-2014-9822 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. | ||
| CVE-2014-9821 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | ||
| CVE-2014-9820 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. | ||
| CVE-2014-9819 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. | ||
| CVE-2014-9817 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. | ||
| CVE-2017-5510 | Hig | 0.51 | 7.8 | 0.02 | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | ||
| CVE-2017-5509 | Hig | 0.51 | 7.8 | 0.02 | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | ||
| CVE-2017-5506 | Hig | 0.51 | 7.8 | 0.02 | Mar 24, 2017 | Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. |
- risk 0.57cvss 8.8epss 0.04
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
- risk 0.57cvss 8.8epss 0.03
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and…
- risk 0.57cvss 8.8epss 0.03
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have…
- risk 0.57cvss 5.5epss 0.77
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
- risk 0.57cvss 5.5epss 0.75
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- risk 0.53cvss 8.1epss 0.02
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
- risk 0.53cvss 8.1epss 0.05
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex…
- risk 0.53cvss 7.8epss 0.31
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF…
- risk 0.52cvss 7.5epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and…
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
- risk 0.51cvss 7.8epss 0.02
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
- risk 0.51cvss 7.8epss 0.02
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
- risk 0.51cvss 7.8epss 0.02
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
Page 5 of 39