Total
629 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |||||
CVE-2016-5690 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. | |||||
CVE-2016-5841 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-14 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | |||||
CVE-2003-0555 | 1 Imagemagick | 1 Imagemagick | 2016-10-17 | 7.5 HIGH | N/A |
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability. | |||||
CVE-2016-4562 | 1 Imagemagick | 1 Imagemagick | 2016-09-22 | 6.8 MEDIUM | 8.8 HIGH |
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2016-4563 | 1 Imagemagick | 1 Imagemagick | 2016-09-22 | 6.8 MEDIUM | 8.8 HIGH |
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2016-4564 | 1 Imagemagick | 1 Imagemagick | 2016-09-22 | 7.5 HIGH | 9.8 CRITICAL |
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2013-4298 | 1 Imagemagick | 1 Imagemagick | 2013-09-17 | 4.3 MEDIUM | N/A |
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. | |||||
CVE-2005-3582 | 1 Imagemagick | 1 Imagemagick | 2011-03-07 | 7.2 HIGH | N/A |
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. |