Vendor CVEs
ImageMagick
All CVEs
777 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2007-4987 | 0.00 | — | 0.04 | Sep 24, 2007 | Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. |
| CVE-2007-4985 | 0.00 | — | 0.02 | Sep 24, 2007 | ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function,… |
| CVE-2007-4986 | 0.00 | — | 0.03 | Sep 24, 2007 | Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. |
| CVE-2007-1797 | 0.00 | — | 0.04 | Apr 2, 2007 | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which… |
| CVE-2007-1667 | 0.00 | — | 0.05 | Mar 24, 2007 | Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images… |
| CVE-2007-0770 | 0.00 | — | 0.05 | Feb 12, 2007 | Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an… |
| CVE-2006-5868 | 0.00 | — | 0.03 | Nov 22, 2006 | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. |
| CVE-2006-5456 | 0.00 | — | 0.03 | Oct 23, 2006 | Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a… |
| CVE-2006-3743 | 0.00 | — | 0.03 | Aug 25, 2006 | Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. |
| CVE-2006-3744 | 0.00 | — | 0.03 | Aug 25, 2006 | Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. |
| CVE-2006-2440 | 0.00 | — | 0.03 | May 18, 2006 | Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. |
| CVE-2006-0082 | 0.00 | — | 0.04 | Jan 4, 2006 | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as… |
| CVE-2005-4601 | 0.00 | — | 0.04 | Dec 31, 2005 | The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. |
| CVE-2005-3582 | 0.00 | — | 0.00 | Nov 16, 2005 | ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. |
| CVE-2005-1739 | 0.00 | — | 0.04 | May 24, 2005 | The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. |
| CVE-2005-0397 | 0.00 | — | 0.04 | May 2, 2005 | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert,… |
| CVE-2005-0005 | 0.00 | — | 0.04 | May 2, 2005 | Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. |
| CVE-2005-0762 | 0.00 | — | 0.03 | May 2, 2005 | Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file. |
| CVE-2005-0760 | 0.00 | — | 0.02 | May 2, 2005 | The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. |
| CVE-2005-0759 | 0.00 | — | 0.02 | Mar 23, 2005 | ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. |
| CVE-2005-0761 | 0.00 | — | 0.02 | Mar 23, 2005 | Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. |
| CVE-2004-0981 | 0.00 | — | 0.06 | Feb 9, 2005 | Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. |
| CVE-2004-0817 | 0.00 | — | 0.05 | Dec 31, 2004 | Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
| CVE-2004-0802 | 0.00 | — | 0.03 | Dec 31, 2004 | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
| CVE-2004-0827 | 0.00 | — | 0.06 | Sep 16, 2004 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. |
| CVE-2003-0555 | 0.00 | — | 0.02 | Aug 18, 2003 | ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability. |
| CVE-2003-0455 | 0.00 | — | 0.00 | Aug 7, 2003 | The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files. |