Filtered by vendor Imagemagick
Subscribe
Total
630 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1882 | 1 Imagemagick | 1 Imagemagick | 2018-10-10 | 9.3 HIGH | N/A |
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
CVE-2005-1739 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2018-10-03 | 5.0 MEDIUM | N/A |
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | |||||
CVE-2017-18250 | 1 Imagemagick | 1 Imagemagick | 2018-08-09 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2018-12599 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. | |||||
CVE-2018-12600 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2018-08-09 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | |||||
CVE-2016-5239 | 1 Imagemagick | 1 Imagemagick | 2018-08-03 | 7.5 HIGH | 9.8 CRITICAL |
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2017-18272 | 1 Imagemagick | 1 Imagemagick | 2018-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. | |||||
CVE-2017-13758 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | |||||
CVE-2017-13144 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. | |||||
CVE-2017-12983 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2017-13143 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. | |||||
CVE-2017-12431 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. | |||||
CVE-2017-11640 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | |||||
CVE-2017-14682 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | |||||
CVE-2017-14989 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 4.3 MEDIUM | 6.5 MEDIUM |
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | |||||
CVE-2017-14224 | 1 Imagemagick | 1 Imagemagick | 2018-06-13 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | |||||
CVE-2018-11624 | 1 Imagemagick | 1 Imagemagick | 2018-06-06 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | |||||
CVE-2015-8897 | 1 Imagemagick | 1 Imagemagick | 2018-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. | |||||
CVE-2015-8898 | 1 Imagemagick | 1 Imagemagick | 2018-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | |||||
CVE-2015-8895 | 1 Imagemagick | 1 Imagemagick | 2018-05-17 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. |