Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Imagemagick Subscribe
Filtered by product Imagemagick
Total 629 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10064 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2020-11-16 6.8 MEDIUM 7.8 HIGH
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-10070 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2020-11-16 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVE-2016-10071 1 Imagemagick 1 Imagemagick 2020-11-16 4.3 MEDIUM 5.5 MEDIUM
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVE-2016-7526 1 Imagemagick 1 Imagemagick 2020-11-16 4.3 MEDIUM 6.5 MEDIUM
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2016-7527 1 Imagemagick 1 Imagemagick 2020-11-16 4.3 MEDIUM 6.5 MEDIUM
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7528 1 Imagemagick 1 Imagemagick 2020-11-16 4.3 MEDIUM 6.5 MEDIUM
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVE-2016-7537 1 Imagemagick 1 Imagemagick 2020-11-16 4.3 MEDIUM 6.5 MEDIUM
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
CVE-2016-7536 1 Imagemagick 1 Imagemagick 2020-11-16 4.3 MEDIUM 6.5 MEDIUM
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
CVE-2017-17499 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2020-10-28 7.5 HIGH 9.8 CRITICAL
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVE-2017-5509 1 Imagemagick 1 Imagemagick 2020-10-28 6.8 MEDIUM 7.8 HIGH
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2017-5510 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-28 6.8 MEDIUM 7.8 HIGH
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2017-14174 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2020-10-23 7.1 HIGH 6.5 MEDIUM
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVE-2017-16546 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2020-10-22 6.8 MEDIUM 8.8 HIGH
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVE-2017-9144 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-15 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
CVE-2017-9142 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-15 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
CVE-2017-9143 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-15 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
CVE-2017-9141 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-15 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
CVE-2017-5506 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-15 6.8 MEDIUM 7.8 HIGH
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVE-2017-5507 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2020-10-15 7.8 HIGH 7.5 HIGH
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVE-2017-14341 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2020-10-15 7.1 HIGH 6.5 MEDIUM
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.