Vendor CVEs
ImageMagick
All CVEs
783 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8347 | Med | 0.42 | 6.5 | 0.02 | Apr 30, 2017 | In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||
| CVE-2017-8346 | Med | 0.42 | 6.5 | 0.02 | Apr 30, 2017 | In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||
| CVE-2017-8345 | Med | 0.42 | 6.5 | 0.02 | Apr 30, 2017 | In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||
| CVE-2017-8344 | Med | 0.42 | 6.5 | 0.02 | Apr 30, 2017 | In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||
| CVE-2017-8343 | Med | 0.42 | 6.5 | 0.02 | Apr 30, 2017 | In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||
| CVE-2016-7540 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | ||
| CVE-2016-7536 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | ||
| CVE-2016-7532 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | ||
| CVE-2016-7527 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||
| CVE-2016-7525 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | ||
| CVE-2016-7520 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. | ||
| CVE-2016-7518 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. | ||
| CVE-2016-7517 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. | ||
| CVE-2016-7516 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. | ||
| CVE-2016-7514 | Med | 0.42 | 6.5 | 0.03 | Apr 20, 2017 | The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | ||
| CVE-2016-7513 | Med | 0.42 | 6.5 | 0.02 | Apr 20, 2017 | Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. | ||
| CVE-2016-5010 | Med | 0.42 | 6.5 | 0.02 | Apr 20, 2017 | coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. | ||
| CVE-2016-7533 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. | ||
| CVE-2016-7531 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. | ||
| CVE-2016-7529 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. | ||
| CVE-2016-7528 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. | ||
| CVE-2016-7522 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | ||
| CVE-2016-7519 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | ||
| CVE-2016-7515 | Med | 0.42 | 6.5 | 0.03 | Apr 19, 2017 | The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. | ||
| CVE-2017-7943 | Med | 0.42 | 6.5 | 0.03 | Apr 18, 2017 | The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||
| CVE-2017-7942 | Med | 0.42 | 6.5 | 0.02 | Apr 18, 2017 | The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||
| CVE-2017-7941 | Med | 0.42 | 6.5 | 0.03 | Apr 18, 2017 | The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||
| CVE-2014-9837 | Med | 0.42 | 6.5 | 0.02 | Apr 11, 2017 | coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | ||
| CVE-2014-8354 | Med | 0.42 | 6.5 | 0.03 | Apr 11, 2017 | The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | ||
| CVE-2017-7606 | Med | 0.42 | 6.5 | 0.02 | Apr 9, 2017 | coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted… | ||
| CVE-2014-9829 | Med | 0.42 | 6.5 | 0.02 | Apr 5, 2017 | coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file. | ||
| CVE-2016-10146 | Hig | 0.42 | 7.5 | 0.05 | Mar 24, 2017 | Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | ||
| CVE-2016-10048 | Hig | 0.42 | 7.5 | 0.07 | Mar 23, 2017 | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | ||
| CVE-2015-8895 | Hig | 0.42 | 7.5 | 0.05 | Mar 15, 2017 | Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. | ||
| CVE-2016-10067 | Hig | 0.42 | 7.5 | 0.03 | Mar 2, 2017 | magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | ||
| CVE-2015-8903 | Med | 0.42 | 6.5 | 0.02 | Feb 27, 2017 | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | ||
| CVE-2015-8902 | Med | 0.42 | 6.5 | 0.02 | Feb 27, 2017 | The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | ||
| CVE-2015-8901 | Med | 0.42 | 6.5 | 0.02 | Feb 27, 2017 | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | ||
| CVE-2016-7101 | Med | 0.42 | 6.5 | 0.03 | Jan 18, 2017 | The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. | ||
| CVE-2012-1798 | Med | 0.42 | 6.5 | 0.02 | Jun 5, 2012 | The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | ||
| CVE-2012-0260 | Med | 0.42 | 6.5 | 0.02 | Jun 5, 2012 | The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. | ||
| CVE-2012-0259 | Med | 0.42 | 6.5 | 0.02 | Jun 5, 2012 | The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. | ||
| CVE-2026-53465 | Med | 0.40 | 6.2 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25. | ||
| CVE-2026-46557 | Med | 0.40 | 6.2 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23. | ||
| CVE-2026-46523 | Med | 0.40 | 6.2 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue. | ||
| CVE-2014-8716 | Med | 0.40 | 6.2 | 0.00 | Apr 11, 2017 | The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). | ||
| CVE-2016-3717 | Med | 0.40 | 5.5 | 0.20 | May 5, 2016 | The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | ||
| CVE-2026-53462 | Med | 0.38 | 5.9 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched… | ||
| CVE-2026-48994 | Med | 0.38 | 5.9 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in… | ||
| CVE-2026-47166 | Med | 0.37 | 5.7 | 0.00 | Jun 10, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been… |
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
- risk 0.42cvss 6.5epss 0.03
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
- risk 0.42cvss 6.5epss 0.03
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
- risk 0.42cvss 6.5epss 0.03
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
- risk 0.42cvss 6.5epss 0.03
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
- risk 0.42cvss 6.5epss 0.03
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
- risk 0.42cvss 6.5epss 0.03
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
- risk 0.42cvss 6.5epss 0.03
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.
- risk 0.42cvss 6.5epss 0.03
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
- risk 0.42cvss 6.5epss 0.03
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.
- risk 0.42cvss 6.5epss 0.03
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
- risk 0.42cvss 6.5epss 0.02
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
- risk 0.42cvss 6.5epss 0.02
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
- risk 0.42cvss 6.5epss 0.03
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
- risk 0.42cvss 6.5epss 0.03
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
- risk 0.42cvss 6.5epss 0.03
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
- risk 0.42cvss 6.5epss 0.03
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
- risk 0.42cvss 6.5epss 0.03
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
- risk 0.42cvss 6.5epss 0.03
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
- risk 0.42cvss 6.5epss 0.03
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
- risk 0.42cvss 6.5epss 0.03
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
- risk 0.42cvss 6.5epss 0.02
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
- risk 0.42cvss 6.5epss 0.03
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
- risk 0.42cvss 6.5epss 0.02
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
- risk 0.42cvss 6.5epss 0.03
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
- risk 0.42cvss 6.5epss 0.02
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted…
- risk 0.42cvss 6.5epss 0.02
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
- risk 0.42cvss 7.5epss 0.05
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
- risk 0.42cvss 7.5epss 0.07
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
- risk 0.42cvss 7.5epss 0.05
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
- risk 0.42cvss 7.5epss 0.03
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
- risk 0.42cvss 6.5epss 0.02
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
- risk 0.42cvss 6.5epss 0.02
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
- risk 0.42cvss 6.5epss 0.03
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
- risk 0.42cvss 6.5epss 0.02
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
- risk 0.42cvss 6.5epss 0.02
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
- risk 0.42cvss 6.5epss 0.02
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
- risk 0.40cvss 6.2epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.
- risk 0.40cvss 6.2epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23.
- risk 0.40cvss 6.2epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue.
- risk 0.40cvss 6.2epss 0.00
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
- risk 0.40cvss 5.5epss 0.20
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
- risk 0.38cvss 5.9epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, when an allocation fails in CheckPrimitiveExtent this can result in a heap-use-after-free and result in a crash. This issue has been patched…
- risk 0.38cvss 5.9epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in…
- risk 0.37cvss 5.7epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been…
Page 8 of 16