Vulnerabilities (CVE)

Filtered by vendor Imagemagick Subscribe
Filtered by product Imagemagick
Total 645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0770 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-28 9.3 HIGH N/A
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
CVE-2007-1797 1 Imagemagick 1 Imagemagick 2024-02-28 6.8 MEDIUM N/A
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
CVE-2007-4985 1 Imagemagick 1 Imagemagick 2024-02-28 4.3 MEDIUM N/A
ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.
CVE-2008-1097 1 Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-28 6.8 MEDIUM N/A
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
CVE-2008-1096 1 Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-28 6.8 MEDIUM N/A
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
CVE-2006-3743 1 Imagemagick 1 Imagemagick 2024-02-28 5.1 MEDIUM N/A
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
CVE-2005-1275 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-28 5.0 MEDIUM N/A
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.
CVE-2005-0005 6 Debian, Gentoo, Graphicsmagick and 3 more 6 Debian Linux, Linux, Graphicsmagick and 3 more 2024-02-28 7.5 HIGH N/A
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
CVE-2004-0981 4 Debian, Gentoo, Imagemagick and 1 more 4 Debian Linux, Linux, Imagemagick and 1 more 2024-02-28 10.0 HIGH N/A
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVE-2006-4144 1 Imagemagick 1 Imagemagick 2024-02-28 2.6 LOW N/A
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
CVE-2006-3744 1 Imagemagick 1 Imagemagick 2024-02-28 5.1 MEDIUM N/A
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
CVE-2005-0762 1 Imagemagick 1 Imagemagick 2024-02-28 7.5 HIGH N/A
Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
CVE-2005-4601 1 Imagemagick 1 Imagemagick 2024-02-28 7.5 HIGH N/A
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
CVE-2005-0761 2 Imagemagick, Sgi 2 Imagemagick, Propack 2024-02-28 5.0 MEDIUM N/A
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
CVE-2005-0760 1 Imagemagick 1 Imagemagick 2024-02-28 5.0 MEDIUM N/A
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVE-2006-2440 1 Imagemagick 1 Imagemagick 2024-02-28 7.5 HIGH N/A
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVE-2005-3582 1 Imagemagick 1 Imagemagick 2024-02-28 7.2 HIGH N/A
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
CVE-2005-1739 2 Graphicsmagick, Imagemagick 2 Graphicsmagick, Imagemagick 2024-02-28 5.0 MEDIUM N/A
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
CVE-2005-0397 1 Imagemagick 1 Imagemagick 2024-02-28 7.5 HIGH N/A
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
CVE-2005-0759 2 Imagemagick, Sgi 2 Imagemagick, Propack 2024-02-28 5.0 MEDIUM N/A
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.