ImageMagick
by ImageMagick
CVEs (781)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11188 | | High | 0.49 | 7.5 | 0.02 | | Jul 12, 2017 | The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. |
| CVE-2017-9098 | | High | 0.49 | 7.5 | 0.04 | | May 19, 2017 | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that… |
| CVE-2017-7619 | | High | 0.49 | 7.5 | 0.01 | | Apr 10, 2017 | In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. |
| CVE-2014-9804 | | High | 0.49 | 7.5 | 0.03 | | Mar 30, 2017 | vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." |
| CVE-2017-5507 | | High | 0.49 | 7.5 | 0.06 | | Mar 24, 2017 | Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. |
| CVE-2014-9839 | | High | 0.49 | 7.5 | 0.02 | | Mar 22, 2017 | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). |
| CVE-2014-9851 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). |
| CVE-2014-9850 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). |
| CVE-2014-9849 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). |
| CVE-2014-9848 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2014-9842 | | High | 0.49 | 7.5 | 0.04 | | Mar 20, 2017 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| CVE-2014-9854 | | High | 0.49 | 7.5 | 0.04 | | Mar 17, 2017 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." |
| CVE-2016-10252 | | High | 0.49 | 7.5 | 0.02 | | Mar 14, 2017 | Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. |
| CVE-2017-6497 | | High | 0.49 | 7.5 | 0.02 | | Mar 6, 2017 | An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). |
| CVE-2016-6823 | | High | 0.49 | 7.5 | 0.05 | | Jan 18, 2017 | Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. |
| CVE-2016-5842 | | High | 0.49 | 7.5 | 0.06 | | Dec 13, 2016 | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. |
| CVE-2012-1610 | | High | 0.49 | 7.5 | 0.05 | | Jun 5, 2012 | Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists… |
| CVE-2017-15277 | | Medium | 0.44 | 6.5 | 0.19 | | Oct 12, 2017 | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting… |
| CVE-2016-10059 | | High | 0.44 | 7.8 | 0.02 | | Mar 23, 2017 | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. |
| CVE-2016-10057 | | High | 0.44 | 7.8 | 0.02 | | Mar 23, 2017 | Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |