Vulnerabilities (CVE)

Filtered by vendor Imagemagick Subscribe
Filtered by product Imagemagick
Total 645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10070 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVE-2016-10065 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2024-02-28 6.8 MEDIUM 7.8 HIGH
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVE-2016-5691 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2024-02-28 7.5 HIGH 9.8 CRITICAL
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVE-2016-7906 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVE-2015-8896 3 Imagemagick, Oracle, Redhat 8 Imagemagick, Linux, Enterprise Linux Desktop and 5 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVE-2017-8350 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2016-9556 3 Debian, Imagemagick, Opensuse Project 3 Debian Linux, Imagemagick, Leap 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2014-9835 1 Imagemagick 1 Imagemagick 2024-02-28 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
CVE-2014-9840 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVE-2016-10060 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2017-7619 1 Imagemagick 1 Imagemagick 2024-02-28 5.0 MEDIUM 7.5 HIGH
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
CVE-2017-9098 3 Debian, Graphicsmagick, Imagemagick 3 Debian Linux, Graphicsmagick, Imagemagick 2024-02-28 5.0 MEDIUM 7.5 HIGH
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
CVE-2015-8901 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
CVE-2016-5687 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2024-02-28 7.5 HIGH 9.8 CRITICAL
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVE-2015-8902 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
CVE-2016-10049 1 Imagemagick 1 Imagemagick 2024-02-28 6.8 MEDIUM 7.8 HIGH
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVE-2014-8354 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2017-5507 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 7.8 HIGH 7.5 HIGH
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVE-2017-8353 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2016-7540 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.