VYPR

Vendor CVEs

ImageMagick

All CVEs

777 total · sorted by risk
  • CVE-2017-15017HigOct 5, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.

  • CVE-2017-15016HigOct 5, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

  • CVE-2017-15015HigOct 5, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

  • CVE-2017-14682HigSep 21, 2017
    risk 0.57cvss 8.8epss 0.02

    GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.

  • CVE-2017-13146HigAug 23, 2017
    risk 0.57cvss 8.8epss 0.01

    In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.

  • CVE-2017-12983HigAug 21, 2017
    risk 0.57cvss 8.8epss 0.02

    Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

  • CVE-2017-12669HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.

  • CVE-2017-12668HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.

  • CVE-2017-12667HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.

  • CVE-2017-12666HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.

  • CVE-2017-12665HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.

  • CVE-2017-12664HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.

  • CVE-2017-12663HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.

  • CVE-2017-12662HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.

  • CVE-2014-9831HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.

  • CVE-2014-9830HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.

  • CVE-2014-9828HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.

  • CVE-2014-9827HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

  • CVE-2017-12644HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.

  • CVE-2017-12642HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.

  • CVE-2017-12641HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.

  • CVE-2017-12640HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.

  • CVE-2017-12587HigAug 6, 2017
    risk 0.57cvss 8.8epss 0.02

    ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.

  • CVE-2017-11450HigJul 19, 2017
    risk 0.57cvss 8.8epss 0.02

    coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.

  • CVE-2017-11449HigJul 19, 2017
    risk 0.57cvss 8.8epss 0.03

    coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.

  • CVE-2017-11310HigJul 13, 2017
    risk 0.57cvss 8.8epss 0.01

    The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.

  • CVE-2017-11170HigJul 11, 2017
    risk 0.57cvss 8.8epss 0.02

    The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.

  • CVE-2017-10928HigJul 5, 2017
    risk 0.57cvss 8.8epss 0.04

    In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the…

  • CVE-2016-10145CriMar 24, 2017
    risk 0.57cvss 9.8epss 0.05

    Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

  • CVE-2016-10144CriMar 24, 2017
    risk 0.57cvss 9.8epss 0.05

    coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.

  • CVE-2016-8677HigFeb 15, 2017
    risk 0.57cvss 8.8epss 0.04

    The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.

  • CVE-2016-4563HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.03

    The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and…

  • CVE-2016-4562HigJun 4, 2016
    risk 0.57cvss 8.8epss 0.03

    The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have…

  • CVE-2016-3718MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.77

    The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

  • CVE-2016-3715MedKEVMay 5, 2016
    risk 0.57cvss 5.5epss 0.75

    The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

  • CVE-2026-13606impJun 28, 2026
    risk 0.53cvss 8.1epss

    GraphicsMagick: GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file

  • CVE-2017-14607HigSep 20, 2017
    risk 0.53cvss 8.1epss 0.02

    In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

  • CVE-2016-5688HigDec 13, 2016
    risk 0.53cvss 8.1epss 0.05

    The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex…

  • CVE-2012-1185HigJun 5, 2012
    risk 0.53cvss 7.8epss 0.31

    Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF…

  • CVE-2026-46522HigJun 10, 2026
    risk 0.52cvss 7.5epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and…

  • CVE-2014-9825HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.

  • CVE-2014-9824HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.

  • CVE-2014-9823HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.

  • CVE-2014-9822HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.

  • CVE-2014-9821HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

  • CVE-2014-9820HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.

  • CVE-2014-9819HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.

  • CVE-2014-9817HigMar 30, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.

  • CVE-2017-5510HigMar 24, 2017
    risk 0.51cvss 7.8epss 0.02

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

  • CVE-2017-5509HigMar 24, 2017
    risk 0.51cvss 7.8epss 0.02

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Page 2 of 16