Total
645 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10070 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
CVE-2016-10065 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |||||
CVE-2016-7906 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. | |||||
CVE-2015-8896 | 3 Imagemagick, Oracle, Redhat | 8 Imagemagick, Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | |||||
CVE-2017-8350 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
CVE-2016-9556 | 3 Debian, Imagemagick, Opensuse Project | 3 Debian Linux, Imagemagick, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | |||||
CVE-2014-9835 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | |||||
CVE-2014-9840 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||||
CVE-2016-10060 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2017-7619 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. | |||||
CVE-2017-9098 | 3 Debian, Graphicsmagick, Imagemagick | 3 Debian Linux, Graphicsmagick, Imagemagick | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | |||||
CVE-2015-8901 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | |||||
CVE-2016-5687 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | |||||
CVE-2015-8902 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | |||||
CVE-2016-10049 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | |||||
CVE-2014-8354 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | |||||
CVE-2017-5507 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. | |||||
CVE-2017-8353 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||||
CVE-2016-7540 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. |