Vendor CVEs
ImageMagick
All CVEs
777 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10063 | Hig | 0.44 | 7.8 | 0.02 | Mar 2, 2017 | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. | ||
| CVE-2018-15607 | Med | 0.43 | 6.5 | 0.05 | Aug 21, 2018 | In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory… | ||
| CVE-2018-13153 | Med | 0.43 | 6.5 | 0.04 | Jul 5, 2018 | In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. | ||
| CVE-2018-10177 | Med | 0.43 | 6.5 | 0.03 | Apr 16, 2018 | In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. | ||
| CVE-2018-9133 | Med | 0.43 | 6.5 | 0.03 | Mar 30, 2018 | ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff… | ||
| CVE-2018-7443 | Med | 0.43 | 6.5 | 0.03 | Feb 23, 2018 | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in… | ||
| CVE-2017-18029 | Med | 0.43 | 6.5 | 0.04 | Jan 12, 2018 | In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. | ||
| CVE-2018-5357 | Med | 0.43 | 6.5 | 0.04 | Jan 12, 2018 | ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. | ||
| CVE-2018-5246 | Med | 0.43 | 6.5 | 0.04 | Jan 5, 2018 | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | ||
| CVE-2017-11525 | Med | 0.43 | 6.5 | 0.04 | Jul 23, 2017 | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | ||
| CVE-2017-11524 | Med | 0.43 | 6.5 | 0.03 | Jul 23, 2017 | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. | ||
| CVE-2016-7538 | Med | 0.43 | 6.5 | 0.03 | Apr 20, 2017 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | ||
| CVE-2016-7535 | Med | 0.43 | 6.5 | 0.03 | Apr 20, 2017 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. | ||
| CVE-2016-7534 | Med | 0.43 | 6.5 | 0.03 | Apr 20, 2017 | The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. | ||
| CVE-2016-7530 | Med | 0.43 | 6.5 | 0.03 | Apr 20, 2017 | The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. | ||
| CVE-2016-7526 | Med | 0.43 | 6.5 | 0.04 | Apr 20, 2017 | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | ||
| CVE-2016-7521 | Med | 0.43 | 6.5 | 0.04 | Apr 20, 2017 | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | ||
| CVE-2016-7537 | Med | 0.43 | 6.5 | 0.03 | Apr 19, 2017 | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. | ||
| CVE-2016-9559 | Med | 0.43 | 6.5 | 0.04 | Mar 1, 2017 | coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. | ||
| CVE-2016-7799 | Med | 0.43 | 6.5 | 0.04 | Jan 18, 2017 | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||
| CVE-2026-33908 | Hig | 0.42 | 7.5 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth… | ||
| CVE-2026-33901 | Hig | 0.42 | 7.5 | 0.01 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue… | ||
| CVE-2018-18025 | Med | 0.42 | 6.5 | 0.03 | Oct 7, 2018 | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. | ||
| CVE-2018-18024 | Med | 0.42 | 6.5 | 0.03 | Oct 7, 2018 | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | ||
| CVE-2018-18023 | Med | 0.42 | 6.5 | 0.01 | Oct 7, 2018 | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. | ||
| CVE-2018-17967 | Med | 0.42 | 6.5 | 0.01 | Oct 3, 2018 | ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. | ||
| CVE-2018-17966 | Med | 0.42 | 6.5 | 0.02 | Oct 3, 2018 | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. | ||
| CVE-2018-17965 | Med | 0.42 | 6.5 | 0.02 | Oct 3, 2018 | ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. | ||
| CVE-2018-16750 | Med | 0.42 | 6.5 | 0.03 | Sep 9, 2018 | In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. | ||
| CVE-2018-14437 | Med | 0.42 | 6.5 | 0.02 | Jul 20, 2018 | ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. | ||
| CVE-2018-14436 | Med | 0.42 | 6.5 | 0.02 | Jul 20, 2018 | ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. | ||
| CVE-2018-14435 | Med | 0.42 | 6.5 | 0.02 | Jul 20, 2018 | ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. | ||
| CVE-2018-14434 | Med | 0.42 | 6.5 | 0.03 | Jul 20, 2018 | ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. | ||
| CVE-2018-11656 | Med | 0.42 | 6.5 | 0.02 | Jun 1, 2018 | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. | ||
| CVE-2018-11655 | Med | 0.42 | 6.5 | 0.02 | Jun 1, 2018 | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. | ||
| CVE-2018-11251 | Med | 0.42 | 6.5 | 0.02 | May 18, 2018 | In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. | ||
| CVE-2017-18273 | Med | 0.42 | 6.5 | 0.02 | May 18, 2018 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. | ||
| CVE-2017-18272 | Med | 0.42 | 6.5 | 0.01 | May 18, 2018 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. | ||
| CVE-2017-18271 | Med | 0.42 | 6.5 | 0.02 | May 18, 2018 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | ||
| CVE-2018-10805 | Med | 0.42 | 6.5 | 0.02 | May 8, 2018 | ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | ||
| CVE-2018-10804 | Med | 0.42 | 6.5 | 0.02 | May 8, 2018 | ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. | ||
| CVE-2017-18254 | Med | 0.42 | 6.5 | 0.02 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-18253 | Med | 0.42 | 6.5 | 0.01 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-18252 | Med | 0.42 | 6.5 | 0.02 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. | ||
| CVE-2017-18251 | Med | 0.42 | 6.5 | 0.02 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-18250 | Med | 0.42 | 6.5 | 0.01 | Mar 27, 2018 | An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2018-7470 | Med | 0.42 | 6.5 | 0.02 | Feb 25, 2018 | An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | ||
| CVE-2018-6930 | Med | 0.42 | 6.5 | 0.02 | Feb 13, 2018 | A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. | ||
| CVE-2018-6876 | Med | 0.42 | 6.5 | 0.03 | Feb 9, 2018 | The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. | ||
| CVE-2018-6405 | Med | 0.42 | 6.5 | 0.02 | Jan 30, 2018 | In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. |
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
- risk 0.43cvss 6.5epss 0.05
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory…
- risk 0.43cvss 6.5epss 0.04
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
- risk 0.43cvss 6.5epss 0.03
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
- risk 0.43cvss 6.5epss 0.03
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff…
- risk 0.43cvss 6.5epss 0.03
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in…
- risk 0.43cvss 6.5epss 0.04
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
- risk 0.43cvss 6.5epss 0.04
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
- risk 0.43cvss 6.5epss 0.04
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
- risk 0.43cvss 6.5epss 0.04
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
- risk 0.43cvss 6.5epss 0.03
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
- risk 0.43cvss 6.5epss 0.03
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
- risk 0.43cvss 6.5epss 0.03
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
- risk 0.43cvss 6.5epss 0.03
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
- risk 0.43cvss 6.5epss 0.03
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
- risk 0.43cvss 6.5epss 0.04
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
- risk 0.43cvss 6.5epss 0.04
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
- risk 0.43cvss 6.5epss 0.03
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
- risk 0.43cvss 6.5epss 0.04
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
- risk 0.43cvss 6.5epss 0.04
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
- risk 0.42cvss 7.5epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth…
- risk 0.42cvss 7.5epss 0.01
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue…
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
- risk 0.42cvss 6.5epss 0.01
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
- risk 0.42cvss 6.5epss 0.03
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
- risk 0.42cvss 6.5epss 0.02
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.
- risk 0.42cvss 6.5epss 0.03
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.
- risk 0.42cvss 6.5epss 0.02
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
Page 4 of 16