Vendor CVEs
ImageMagick
All CVEs
777 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3714 | Hig | 0.77 | 8.4 | 0.97 | KEV | May 5, 2016 | The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | |
| CVE-2016-5118 | Cri | 0.68 | 9.8 | 0.50 | Jun 10, 2016 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | ||
| CVE-2016-5841 | Cri | 0.65 | 9.8 | 0.13 | Dec 13, 2016 | Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | ||
| CVE-2018-16329 | Cri | 0.64 | 9.8 | 0.02 | Sep 1, 2018 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | ||
| CVE-2018-16328 | Cri | 0.64 | 9.8 | 0.02 | Sep 1, 2018 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | ||
| CVE-2018-14551 | Cri | 0.64 | 9.8 | 0.04 | Jul 23, 2018 | The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. | ||
| CVE-2017-18211 | Cri | 0.64 | 9.8 | 0.04 | Mar 1, 2018 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. | ||
| CVE-2017-18210 | Cri | 0.64 | 9.8 | 0.03 | Mar 1, 2018 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | ||
| CVE-2017-17499 | Cri | 0.64 | 9.8 | 0.03 | Dec 11, 2017 | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | ||
| CVE-2017-15032 | Cri | 0.64 | 9.8 | 0.02 | Oct 5, 2017 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | ||
| CVE-2017-14626 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | ||
| CVE-2017-14625 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | ||
| CVE-2017-14624 | Cri | 0.64 | 9.8 | 0.03 | Sep 21, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | ||
| CVE-2017-14532 | Cri | 0.64 | 9.8 | 0.03 | Sep 18, 2017 | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | ||
| CVE-2017-14138 | Cri | 0.64 | 9.8 | 0.02 | Sep 4, 2017 | ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | ||
| CVE-2017-13139 | Cri | 0.64 | 9.8 | 0.04 | Aug 23, 2017 | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | ||
| CVE-2014-9826 | Cri | 0.64 | 9.8 | 0.04 | Mar 30, 2017 | ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files. | ||
| CVE-2017-5511 | Cri | 0.64 | 9.8 | 0.05 | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | ||
| CVE-2014-9847 | Cri | 0.64 | 9.8 | 0.05 | Mar 20, 2017 | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | ||
| CVE-2014-9846 | Cri | 0.64 | 9.8 | 0.05 | Mar 20, 2017 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | ||
| CVE-2014-9843 | Cri | 0.64 | 9.8 | 0.04 | Mar 20, 2017 | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | ||
| CVE-2014-9841 | Cri | 0.64 | 9.8 | 0.04 | Mar 20, 2017 | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions." | ||
| CVE-2014-9852 | Cri | 0.64 | 9.8 | 0.03 | Mar 17, 2017 | distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. | ||
| CVE-2016-5239 | Cri | 0.64 | 9.8 | 0.03 | Mar 15, 2017 | The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | ||
| CVE-2016-5691 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | ||
| CVE-2016-5690 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. | ||
| CVE-2016-5689 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | ||
| CVE-2016-5687 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | ||
| CVE-2016-4564 | Cri | 0.64 | 9.8 | 0.03 | Jun 4, 2016 | The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or… | ||
| CVE-2016-6520 | Cri | 0.59 | 9.1 | 0.04 | Dec 13, 2016 | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | ||
| CVE-2018-16413 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2018 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | ||
| CVE-2018-16412 | Hig | 0.58 | 8.8 | 0.04 | Sep 3, 2018 | ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. | ||
| CVE-2018-8960 | Hig | 0.58 | 8.8 | 0.04 | Mar 23, 2018 | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | ||
| CVE-2018-8804 | Hig | 0.58 | 8.8 | 0.04 | Mar 20, 2018 | WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2017-14224 | Hig | 0.58 | 8.8 | 0.04 | Sep 9, 2017 | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | ||
| CVE-2016-8866 | Hig | 0.58 | 8.8 | 0.05 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for… | ||
| CVE-2016-8862 | Hig | 0.58 | 8.8 | 0.04 | Feb 15, 2017 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | ||
| CVE-2016-6491 | Hig | 0.58 | 8.8 | 0.05 | Dec 13, 2016 | Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | ||
| CVE-2012-0247 | Hig | 0.58 | 8.8 | 0.04 | Jun 5, 2012 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | ||
| CVE-2018-12600 | Hig | 0.57 | 8.8 | 0.03 | Jun 20, 2018 | In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | ||
| CVE-2018-12599 | Hig | 0.57 | 8.8 | 0.03 | Jun 20, 2018 | In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | ||
| CVE-2018-11625 | Hig | 0.57 | 8.8 | 0.02 | May 31, 2018 | In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | ||
| CVE-2018-11624 | Hig | 0.57 | 8.8 | 0.02 | May 31, 2018 | In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | ||
| CVE-2018-9135 | Hig | 0.57 | 8.8 | 0.02 | Mar 30, 2018 | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | ||
| CVE-2017-18209 | Hig | 0.57 | 8.8 | 0.03 | Mar 1, 2018 | In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. | ||
| CVE-2018-5248 | Hig | 0.57 | 8.8 | 0.04 | Jan 5, 2018 | In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | ||
| CVE-2017-17880 | Hig | 0.57 | 8.8 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | ||
| CVE-2017-17879 | Hig | 0.57 | 8.8 | 0.03 | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | ||
| CVE-2017-16546 | Hig | 0.57 | 8.8 | 0.02 | Nov 5, 2017 | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other… | ||
| CVE-2017-15281 | Hig | 0.57 | 8.8 | 0.03 | Oct 12, 2017 | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." |
- risk 0.77cvss 8.4epss 0.97
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
- risk 0.68cvss 9.8epss 0.50
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
- risk 0.65cvss 9.8epss 0.13
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
- risk 0.64cvss 9.8epss 0.02
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
- risk 0.64cvss 9.8epss 0.02
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
- risk 0.64cvss 9.8epss 0.04
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
- risk 0.64cvss 9.8epss 0.04
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
- risk 0.64cvss 9.8epss 0.03
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
- risk 0.64cvss 9.8epss 0.03
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
- risk 0.64cvss 9.8epss 0.02
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
- risk 0.64cvss 9.8epss 0.03
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
- risk 0.64cvss 9.8epss 0.02
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
- risk 0.64cvss 9.8epss 0.04
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
- risk 0.64cvss 9.8epss 0.04
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
- risk 0.64cvss 9.8epss 0.05
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
- risk 0.64cvss 9.8epss 0.05
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
- risk 0.64cvss 9.8epss 0.05
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
- risk 0.64cvss 9.8epss 0.04
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
- risk 0.64cvss 9.8epss 0.04
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
- risk 0.64cvss 9.8epss 0.03
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.05
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
- risk 0.64cvss 9.8epss 0.05
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
- risk 0.64cvss 9.8epss 0.05
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
- risk 0.64cvss 9.8epss 0.05
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
- risk 0.64cvss 9.8epss 0.03
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or…
- risk 0.59cvss 9.1epss 0.04
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
- risk 0.58cvss 8.8epss 0.04
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
- risk 0.58cvss 8.8epss 0.04
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
- risk 0.58cvss 8.8epss 0.04
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
- risk 0.58cvss 8.8epss 0.04
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
- risk 0.58cvss 8.8epss 0.04
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
- risk 0.58cvss 8.8epss 0.05
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for…
- risk 0.58cvss 8.8epss 0.04
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
- risk 0.58cvss 8.8epss 0.05
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
- risk 0.58cvss 8.8epss 0.04
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
- risk 0.57cvss 8.8epss 0.03
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
- risk 0.57cvss 8.8epss 0.03
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
- risk 0.57cvss 8.8epss 0.02
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
- risk 0.57cvss 8.8epss 0.02
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
- risk 0.57cvss 8.8epss 0.02
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
- risk 0.57cvss 8.8epss 0.03
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
- risk 0.57cvss 8.8epss 0.04
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
- risk 0.57cvss 8.8epss 0.01
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
- risk 0.57cvss 8.8epss 0.03
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
- risk 0.57cvss 8.8epss 0.02
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other…
- risk 0.57cvss 8.8epss 0.03
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
Page 1 of 16