Vendor
ImageMagick
ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images. It can read and write over 200 image file formats and is widely used in open-source applications. ImageMagick was created by John Cristy in 1987.
Founded 1990
Products
4
CVEs
453
Across products
2,542
Status
Private
Products
4- 2,527 CVEs
- 12 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
453| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-3714 | Hig | 0.77 | 8.4 | 0.94 | KEV | May 5, 2016 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." |
| CVE-2016-5118 | Cri | 0.66 | 9.8 | 0.32 | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | |
| CVE-2017-17499 | Cri | 0.64 | 9.8 | 0.02 | Dec 11, 2017 | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |
| CVE-2017-15032 | Cri | 0.64 | 9.8 | 0.00 | Oct 5, 2017 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | |
| CVE-2017-14626 | Cri | 0.64 | 9.8 | 0.01 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | |
| CVE-2017-14625 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | |
| CVE-2017-14624 | Cri | 0.64 | 9.8 | 0.02 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | |
| CVE-2017-14532 | Cri | 0.64 | 9.8 | 0.02 | Sep 18, 2017 | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | |
| CVE-2017-14138 | Cri | 0.64 | 9.8 | 0.00 | Sep 4, 2017 | ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | |
| CVE-2017-13139 | Cri | 0.64 | 9.8 | 0.01 | Aug 23, 2017 | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | |
| CVE-2014-9826 | Cri | 0.64 | 9.8 | 0.03 | Mar 30, 2017 | ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | |
| CVE-2017-5511 | Cri | 0.64 | 9.8 | 0.01 | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | |
| CVE-2014-9847 | Cri | 0.64 | 9.8 | 0.04 | Mar 20, 2017 | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | |
| CVE-2014-9846 | Cri | 0.64 | 9.8 | 0.03 | Mar 20, 2017 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | |
| CVE-2014-9843 | Cri | 0.64 | 9.8 | 0.02 | Mar 20, 2017 | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | |
| CVE-2014-9841 | Cri | 0.64 | 9.8 | 0.02 | Mar 20, 2017 | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | |
| CVE-2014-9852 | Cri | 0.64 | 9.8 | 0.01 | Mar 17, 2017 | distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. | |
| CVE-2016-5691 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |
| CVE-2016-5689 | Cri | 0.64 | 9.8 | 0.02 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | |
| CVE-2016-5687 | Cri | 0.64 | 9.8 | 0.01 | Dec 13, 2016 | The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. |