Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Imagemagick Subscribe
Filtered by product Imagemagick
Total 629 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11472 1 Imagemagick 1 Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
CVE-2018-7443 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
CVE-2018-8804 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-18 6.8 MEDIUM 8.8 HIGH
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
CVE-2018-18024 1 Imagemagick 1 Imagemagick 2020-08-18 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-8960 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2020-08-18 6.8 MEDIUM 8.8 HIGH
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
CVE-2012-1610 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-08-14 5.0 MEDIUM 7.5 HIGH
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.
CVE-2015-8903 1 Imagemagick 1 Imagemagick 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
CVE-2015-8902 1 Imagemagick 1 Imagemagick 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
CVE-2015-8901 1 Imagemagick 1 Imagemagick 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
CVE-2012-1798 4 Debian, Imagemagick, Opensuse and 1 more 10 Debian Linux, Imagemagick, Opensuse and 7 more 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVE-2012-0260 5 Canonical, Debian, Imagemagick and 2 more 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVE-2012-0259 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2020-07-31 4.3 MEDIUM 6.5 MEDIUM
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVE-2012-0248 4 Canonical, Debian, Imagemagick and 1 more 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more 2020-07-31 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
CVE-2012-0247 4 Canonical, Debian, Imagemagick and 1 more 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more 2020-07-31 6.8 MEDIUM 8.8 HIGH
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
CVE-2015-8900 1 Imagemagick 1 Imagemagick 2020-07-31 4.3 MEDIUM 5.5 MEDIUM
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
CVE-2019-15140 1 Imagemagick 1 Imagemagick 2020-07-03 6.8 MEDIUM 8.8 HIGH
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
CVE-2020-13902 1 Imagemagick 1 Imagemagick 2020-06-10 5.8 MEDIUM 7.1 HIGH
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVE-2020-10251 1 Imagemagick 1 Imagemagick 2020-03-10 4.3 MEDIUM 5.5 MEDIUM
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
CVE-2014-1947 2 Imagemagick, Suse 4 Imagemagick, Linux Enterprise Desktop, Linux Enterprise Server and 1 more 2020-02-21 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
CVE-2014-1958 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Opensuse 2020-02-12 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.