Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Imagemagick Subscribe
Total 630 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9556 3 Debian, Imagemagick, Opensuse Project 3 Debian Linux, Imagemagick, Leap 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2014-9915 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.
CVE-2016-10046 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10048 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2017-03-24 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVE-2016-10047 1 Imagemagick 1 Imagemagick 2017-03-24 7.1 HIGH 5.5 MEDIUM
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
CVE-2014-9840 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVE-2014-9838 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVE-2014-9839 1 Imagemagick 1 Imagemagick 2017-03-24 5.0 MEDIUM 7.5 HIGH
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVE-2014-9834 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVE-2014-9833 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVE-2014-9832 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
CVE-2014-9836 1 Imagemagick 1 Imagemagick 2017-03-24 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVE-2014-9835 1 Imagemagick 1 Imagemagick 2017-03-24 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
CVE-2015-8894 1 Imagemagick 1 Imagemagick 2017-03-17 4.3 MEDIUM 5.5 MEDIUM
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
CVE-2016-10067 1 Imagemagick 1 Imagemagick 2017-03-07 5.0 MEDIUM 7.5 HIGH
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
CVE-2016-10069 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2017-03-07 4.3 MEDIUM 5.5 MEDIUM
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVE-2016-8678 1 Imagemagick 1 Imagemagick 2017-02-22 4.3 MEDIUM 5.5 MEDIUM
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
CVE-2016-5687 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVE-2016-5688 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 6.8 MEDIUM 8.1 HIGH
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
CVE-2016-5689 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2016-12-16 7.5 HIGH 9.8 CRITICAL
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.