Vendor CVEs
ImageMagick
All CVEs
777 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15017 | Hig | 0.57 | 8.8 | 0.02 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | ||
| CVE-2017-15016 | Hig | 0.57 | 8.8 | 0.02 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | ||
| CVE-2017-15015 | Hig | 0.57 | 8.8 | 0.01 | Oct 5, 2017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | ||
| CVE-2017-14682 | Hig | 0.57 | 8.8 | 0.02 | Sep 21, 2017 | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | ||
| CVE-2017-13146 | Hig | 0.57 | 8.8 | 0.01 | Aug 23, 2017 | In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. | ||
| CVE-2017-12983 | Hig | 0.57 | 8.8 | 0.02 | Aug 21, 2017 | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2017-12669 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. | ||
| CVE-2017-12668 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | ||
| CVE-2017-12667 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. | ||
| CVE-2017-12666 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. | ||
| CVE-2017-12665 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. | ||
| CVE-2017-12664 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. | ||
| CVE-2017-12663 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. | ||
| CVE-2017-12662 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. | ||
| CVE-2014-9831 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | ||
| CVE-2014-9830 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | ||
| CVE-2014-9828 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | ||
| CVE-2014-9827 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | ||
| CVE-2017-12644 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. | ||
| CVE-2017-12642 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. | ||
| CVE-2017-12641 | Hig | 0.57 | 8.8 | 0.01 | Aug 7, 2017 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. | ||
| CVE-2017-12640 | Hig | 0.57 | 8.8 | 0.02 | Aug 7, 2017 | ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. | ||
| CVE-2017-12587 | Hig | 0.57 | 8.8 | 0.02 | Aug 6, 2017 | ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c. | ||
| CVE-2017-11450 | Hig | 0.57 | 8.8 | 0.02 | Jul 19, 2017 | coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | ||
| CVE-2017-11449 | Hig | 0.57 | 8.8 | 0.03 | Jul 19, 2017 | coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | ||
| CVE-2017-11310 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2017 | The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. | ||
| CVE-2017-11170 | Hig | 0.57 | 8.8 | 0.02 | Jul 11, 2017 | The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | ||
| CVE-2017-10928 | Hig | 0.57 | 8.8 | 0.04 | Jul 5, 2017 | In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the… | ||
| CVE-2016-10145 | Cri | 0.57 | 9.8 | 0.05 | Mar 24, 2017 | Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | ||
| CVE-2016-10144 | Cri | 0.57 | 9.8 | 0.05 | Mar 24, 2017 | coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | ||
| CVE-2016-8677 | Hig | 0.57 | 8.8 | 0.04 | Feb 15, 2017 | The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | ||
| CVE-2016-4563 | Hig | 0.57 | 8.8 | 0.03 | Jun 4, 2016 | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and… | ||
| CVE-2016-4562 | Hig | 0.57 | 8.8 | 0.03 | Jun 4, 2016 | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have… | ||
| CVE-2016-3718 | Med | 0.57 | 5.5 | 0.77 | KEV | May 5, 2016 | The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | |
| CVE-2016-3715 | Med | 0.57 | 5.5 | 0.75 | KEV | May 5, 2016 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | |
| CVE-2026-13606 | imp | 0.53 | 8.1 | — | Jun 28, 2026 | GraphicsMagick: GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file | ||
| CVE-2017-14607 | Hig | 0.53 | 8.1 | 0.02 | Sep 20, 2017 | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | ||
| CVE-2016-5688 | Hig | 0.53 | 8.1 | 0.05 | Dec 13, 2016 | The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex… | ||
| CVE-2012-1185 | Hig | 0.53 | 7.8 | 0.31 | Jun 5, 2012 | Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF… | ||
| CVE-2026-46522 | Hig | 0.52 | 7.5 | 0.01 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and… | ||
| CVE-2014-9825 | Hig | 0.51 | 7.8 | 0.01 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. | ||
| CVE-2014-9824 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. | ||
| CVE-2014-9823 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. | ||
| CVE-2014-9822 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. | ||
| CVE-2014-9821 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | ||
| CVE-2014-9820 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. | ||
| CVE-2014-9819 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. | ||
| CVE-2014-9817 | Hig | 0.51 | 7.8 | 0.02 | Mar 30, 2017 | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. | ||
| CVE-2017-5510 | Hig | 0.51 | 7.8 | 0.02 | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | ||
| CVE-2017-5509 | Hig | 0.51 | 7.8 | 0.02 | Mar 24, 2017 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. |
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
- risk 0.57cvss 8.8epss 0.02
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
- risk 0.57cvss 8.8epss 0.01
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
- risk 0.57cvss 8.8epss 0.02
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
- risk 0.57cvss 8.8epss 0.02
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
- risk 0.57cvss 8.8epss 0.02
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
- risk 0.57cvss 8.8epss 0.02
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
- risk 0.57cvss 8.8epss 0.02
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
- risk 0.57cvss 8.8epss 0.01
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
- risk 0.57cvss 8.8epss 0.02
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
- risk 0.57cvss 8.8epss 0.02
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
- risk 0.57cvss 8.8epss 0.03
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
- risk 0.57cvss 8.8epss 0.01
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
- risk 0.57cvss 8.8epss 0.02
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
- risk 0.57cvss 8.8epss 0.04
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the…
- risk 0.57cvss 9.8epss 0.05
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
- risk 0.57cvss 9.8epss 0.05
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
- risk 0.57cvss 8.8epss 0.04
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
- risk 0.57cvss 8.8epss 0.03
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and…
- risk 0.57cvss 8.8epss 0.03
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have…
- risk 0.57cvss 5.5epss 0.77
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
- risk 0.57cvss 5.5epss 0.75
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
- risk 0.53cvss 8.1epss —
GraphicsMagick: GraphicsMagick: Memory corruption via crafted Photo CD (PCD) file
- risk 0.53cvss 8.1epss 0.02
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
- risk 0.53cvss 8.1epss 0.05
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex…
- risk 0.53cvss 7.8epss 0.31
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF…
- risk 0.52cvss 7.5epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and…
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
- risk 0.51cvss 7.8epss 0.02
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
- risk 0.51cvss 7.8epss 0.02
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
Page 2 of 16