Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Imagemagick Subscribe
Total 630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-13658 1 Imagemagick 1 Imagemagick 2020-09-07 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
CVE-2017-15281 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-09-07 6.8 MEDIUM 8.8 HIGH
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVE-2019-9956 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-08-24 6.8 MEDIUM 8.8 HIGH
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
CVE-2018-14551 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-24 7.5 HIGH 9.8 CRITICAL
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVE-2018-16644 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
CVE-2019-13295 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-08-19 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
CVE-2019-13297 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-08-19 6.8 MEDIUM 8.8 HIGH
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
CVE-2019-12979 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-08-19 6.8 MEDIUM 7.8 HIGH
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
CVE-2019-14981 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-08-19 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
CVE-2019-13454 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-08-19 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVE-2018-10177 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
CVE-2017-17681 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-18 7.1 HIGH 6.5 MEDIUM
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVE-2019-12978 1 Imagemagick 1 Imagemagick 2020-08-18 6.8 MEDIUM 7.8 HIGH
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
CVE-2019-11597 1 Imagemagick 1 Imagemagick 2020-08-18 5.8 MEDIUM 8.1 HIGH
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
CVE-2019-11472 1 Imagemagick 1 Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
CVE-2017-12805 1 Imagemagick 1 Imagemagick 2020-08-18 5.0 MEDIUM 7.5 HIGH
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
CVE-2018-9133 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
CVE-2019-12974 1 Imagemagick 1 Imagemagick 2020-08-18 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
CVE-2017-18252 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
CVE-2019-11470 1 Imagemagick 1 Imagemagick 2020-08-18 7.1 HIGH 6.5 MEDIUM
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.