Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Imagemagick Subscribe
Total 630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1882 1 Imagemagick 1 Imagemagick 2018-10-10 9.3 HIGH N/A
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
CVE-2005-1739 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2018-10-03 5.0 MEDIUM N/A
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
CVE-2017-18250 1 Imagemagick 1 Imagemagick 2018-08-09 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2018-12599 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2018-08-09 6.8 MEDIUM 8.8 HIGH
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2018-12600 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2018-08-09 6.8 MEDIUM 8.8 HIGH
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2016-5239 1 Imagemagick 1 Imagemagick 2018-08-03 7.5 HIGH 9.8 CRITICAL
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2017-18272 1 Imagemagick 1 Imagemagick 2018-06-15 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
CVE-2017-13758 1 Imagemagick 1 Imagemagick 2018-06-13 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVE-2017-13144 1 Imagemagick 1 Imagemagick 2018-06-13 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
CVE-2017-12983 1 Imagemagick 1 Imagemagick 2018-06-13 6.8 MEDIUM 8.8 HIGH
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVE-2017-13143 1 Imagemagick 1 Imagemagick 2018-06-13 5.0 MEDIUM 7.5 HIGH
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVE-2017-12431 1 Imagemagick 1 Imagemagick 2018-06-13 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
CVE-2017-11640 1 Imagemagick 1 Imagemagick 2018-06-13 4.3 MEDIUM 6.5 MEDIUM
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CVE-2017-14682 1 Imagemagick 1 Imagemagick 2018-06-13 6.8 MEDIUM 8.8 HIGH
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
CVE-2017-14989 1 Imagemagick 1 Imagemagick 2018-06-13 4.3 MEDIUM 6.5 MEDIUM
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
CVE-2017-14224 1 Imagemagick 1 Imagemagick 2018-06-13 6.8 MEDIUM 8.8 HIGH
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
CVE-2018-11624 1 Imagemagick 1 Imagemagick 2018-06-06 6.8 MEDIUM 8.8 HIGH
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
CVE-2015-8897 1 Imagemagick 1 Imagemagick 2018-05-17 4.3 MEDIUM 5.5 MEDIUM
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVE-2015-8898 1 Imagemagick 1 Imagemagick 2018-05-17 4.3 MEDIUM 5.5 MEDIUM
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2015-8895 1 Imagemagick 1 Imagemagick 2018-05-17 5.0 MEDIUM 7.5 HIGH
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.