VYPR

Imagemagick

by ImageMagick

Source repositories

CVEs (775)

  • CVE-2016-8677HigFeb 15, 2017
    risk 0.57cvss 8.8epss 0.04

    The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.

  • CVE-2016-4563HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.03

    The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and…

  • CVE-2016-4562HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.03

    The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have…

  • CVE-2016-3718MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.77

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.75

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2017-14607HigSep 20, 2017
    risk 0.53cvss 8.1epss 0.02

    In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

  • CVE-2016-5688HigDec 13, 2016
    risk 0.53cvss 8.1epss 0.05

    The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex…

  • CVE-2012-1185HigJun 5, 2012
    risk 0.53cvss 7.8epss 0.31

    Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF…

  • CVE-2026-46522HigJun 10, 2026
    risk 0.52cvss 7.5epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and…

  • CVE-2014-9825HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.

  • CVE-2014-9824HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.

  • CVE-2014-9823HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.

  • CVE-2014-9822HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.

  • CVE-2014-9821HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

  • CVE-2014-9820HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.

  • CVE-2014-9819HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.

  • CVE-2014-9817HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.

  • CVE-2017-5510HigMar 24, 2017
    risk 0.51cvss 7.8epss 0.02

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

  • CVE-2017-5509HigMar 24, 2017
    risk 0.51cvss 7.8epss 0.02

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

  • CVE-2017-5506HigMar 24, 2017
    risk 0.51cvss 7.8epss 0.02

    Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

Page 5 of 39