Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Imagemagick Subscribe
Total 646 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8958 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVE-2016-8707 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 6.8 MEDIUM 7.8 HIGH
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
CVE-2017-8356 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2014-9839 1 Imagemagick 1 Imagemagick 2024-02-28 5.0 MEDIUM 7.5 HIGH
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVE-2016-5688 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2024-02-28 6.8 MEDIUM 8.1 HIGH
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
CVE-2016-10069 2 Imagemagick, Opensuse Project 2 Imagemagick, Leap 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVE-2014-9834 1 Imagemagick 1 Imagemagick 2024-02-28 6.8 MEDIUM 7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVE-2015-8959 1 Imagemagick 1 Imagemagick 2024-02-28 7.1 HIGH 6.5 MEDIUM
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
CVE-2016-10146 1 Imagemagick 1 Imagemagick 2024-02-28 7.8 HIGH 7.5 HIGH
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2016-9773 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVE-2017-7942 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVE-2014-9847 4 Canonical, Imagemagick, Opensuse and 1 more 10 Ubuntu Linux, Imagemagick, Opensuse and 7 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVE-2016-7538 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2017-6498 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVE-2016-5239 1 Imagemagick 1 Imagemagick 2024-02-28 7.5 HIGH 9.8 CRITICAL
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2016-7531 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
CVE-2017-6499 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
CVE-2014-9838 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVE-2014-9821 1 Imagemagick 1 Imagemagick 2024-02-28 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVE-2016-5689 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2024-02-28 7.5 HIGH 9.8 CRITICAL
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.