Filtered by vendor Imagemagick
Subscribe
Total
630 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18253 | 1 Imagemagick | 1 Imagemagick | 2018-03-30 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2018-7470 | 1 Imagemagick | 1 Imagemagick | 2018-03-17 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | |||||
CVE-2017-18210 | 1 Imagemagick | 1 Imagemagick | 2018-03-16 | 7.5 HIGH | 9.8 CRITICAL |
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | |||||
CVE-2018-6876 | 2 Imagemagick, Libfpx Project | 2 Imagemagick, Libfpx | 2018-03-08 | 4.3 MEDIUM | 6.5 MEDIUM |
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. | |||||
CVE-2010-4167 | 1 Imagemagick | 1 Imagemagick | 2018-01-05 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. | |||||
CVE-2017-13140 | 1 Imagemagick | 1 Imagemagick | 2017-11-12 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. | |||||
CVE-2017-12671 | 1 Imagemagick | 1 Imagemagick | 2017-11-06 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service. | |||||
CVE-2016-10062 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | |||||
CVE-2016-10145 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. | |||||
CVE-2016-10146 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 7.8 HIGH | 7.5 HIGH |
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
CVE-2016-10252 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 7.8 HIGH | 7.5 HIGH |
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. | |||||
CVE-2017-7606 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
CVE-2017-5508 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. | |||||
CVE-2017-5511 | 1 Imagemagick | 1 Imagemagick | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. | |||||
CVE-2006-2440 | 1 Imagemagick | 1 Imagemagick | 2017-10-11 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. | |||||
CVE-2006-3743 | 1 Imagemagick | 1 Imagemagick | 2017-10-10 | 5.1 MEDIUM | N/A |
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. | |||||
CVE-2006-3744 | 1 Imagemagick | 1 Imagemagick | 2017-10-10 | 5.1 MEDIUM | N/A |
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. | |||||
CVE-2007-1797 | 1 Imagemagick | 1 Imagemagick | 2017-10-10 | 6.8 MEDIUM | N/A |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | |||||
CVE-2005-0760 | 1 Imagemagick | 1 Imagemagick | 2017-10-10 | 5.0 MEDIUM | N/A |
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. |