Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Imagemagick Subscribe
Total 630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18253 1 Imagemagick 1 Imagemagick 2018-03-30 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2018-7470 1 Imagemagick 1 Imagemagick 2018-03-17 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
CVE-2017-18210 1 Imagemagick 1 Imagemagick 2018-03-16 7.5 HIGH 9.8 CRITICAL
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
CVE-2018-6876 2 Imagemagick, Libfpx Project 2 Imagemagick, Libfpx 2018-03-08 4.3 MEDIUM 6.5 MEDIUM
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.
CVE-2010-4167 1 Imagemagick 1 Imagemagick 2018-01-05 6.9 MEDIUM N/A
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
CVE-2017-13140 1 Imagemagick 1 Imagemagick 2017-11-12 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
CVE-2017-12671 1 Imagemagick 1 Imagemagick 2017-11-06 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
CVE-2016-10062 1 Imagemagick 1 Imagemagick 2017-11-03 4.3 MEDIUM 5.5 MEDIUM
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-10144 1 Imagemagick 1 Imagemagick 2017-11-03 7.5 HIGH 9.8 CRITICAL
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
CVE-2016-10145 1 Imagemagick 1 Imagemagick 2017-11-03 7.5 HIGH 9.8 CRITICAL
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
CVE-2016-10146 1 Imagemagick 1 Imagemagick 2017-11-03 7.8 HIGH 7.5 HIGH
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2016-10252 1 Imagemagick 1 Imagemagick 2017-11-03 7.8 HIGH 7.5 HIGH
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
CVE-2017-7606 1 Imagemagick 1 Imagemagick 2017-11-03 4.3 MEDIUM 6.5 MEDIUM
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-5508 1 Imagemagick 1 Imagemagick 2017-11-03 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVE-2017-5511 1 Imagemagick 1 Imagemagick 2017-11-03 7.5 HIGH 9.8 CRITICAL
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVE-2006-2440 1 Imagemagick 1 Imagemagick 2017-10-11 7.5 HIGH N/A
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVE-2006-3743 1 Imagemagick 1 Imagemagick 2017-10-10 5.1 MEDIUM N/A
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
CVE-2006-3744 1 Imagemagick 1 Imagemagick 2017-10-10 5.1 MEDIUM N/A
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
CVE-2007-1797 1 Imagemagick 1 Imagemagick 2017-10-10 6.8 MEDIUM N/A
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
CVE-2005-0760 1 Imagemagick 1 Imagemagick 2017-10-10 5.0 MEDIUM N/A
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.