ImageMagick: Security Vulnerabilities, CVEs, CVSS score >= 9
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Max CVSS: 9.8 | EPSS Score: 0.39% | Published: 2023-05-30 | Updated: 2023-08-31
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
Max CVSS: 9.8 | EPSS Score: 0.47% | Published: 2019-12-24 | Updated: 2020-01-02
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
Max CVSS: 9.1 | EPSS Score: 0.33% | Published: 2019-12-24 | Updated: 2022-10-31
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
Max CVSS: 9.8 | EPSS Score: 0.93% | Published: 2019-12-24 | Updated: 2022-10-31
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2018-09-01 | Updated: 2018-10-25
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2018-09-01 | Updated: 2018-10-25
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
Max CVSS: 9.8 | EPSS Score: 0.62% | Published: 2018-07-23 | Updated: 2020-08-24
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
Max CVSS: 9.8 | EPSS Score: 0.51% | Published: 2018-03-01 | Updated: 2020-09-08
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
Max CVSS: 9.8 | EPSS Score: 0.23% | Published: 2018-03-01 | Updated: 2018-03-16
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
Max CVSS: 9.8 | EPSS Score: 1.39% | Published: 2017-12-11 | Updated: 2020-10-28
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Max CVSS: 9.8 | EPSS Score: 0.25% | Published: 2017-10-05 | Updated: 2019-10-03
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
Max CVSS: 9.8 | EPSS Score: 0.96% | Published: 2017-09-21 | Updated: 2020-09-08
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
Max CVSS: 9.8 | EPSS Score: 0.70% | Published: 2017-09-21 | Updated: 2020-09-08
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
Max CVSS: 9.8 | EPSS Score: 0.70% | Published: 2017-09-21 | Updated: 2020-09-08
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
Max CVSS: 9.8 | EPSS Score: 0.70% | Published: 2017-09-18 | Updated: 2020-09-08
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
Max CVSS: 9.8 | EPSS Score: 0.34% | Published: 2017-09-04 | Updated: 2019-10-03
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Max CVSS: 9.8 | EPSS Score: 1.00% | Published: 2017-08-23 | Updated: 2020-10-14
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
Max CVSS: 9.8 | EPSS Score: 1.33% | Published: 2017-03-24 | Updated: 2017-11-04
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
Max CVSS: 9.8 | EPSS Score: 1.06% | Published: 2017-03-24 | Updated: 2017-11-04
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
Max CVSS: 9.8 | EPSS Score: 1.20% | Published: 2017-03-24 | Updated: 2017-11-04
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
Max CVSS: 9.1 | EPSS Score: 0.62% | Published: 2016-12-13 | Updated: 2021-04-13
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
Max CVSS: 9.8 | EPSS Score: 9.69% | Published: 2016-12-13 | Updated: 2016-12-15
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
Max CVSS: 9.8 | EPSS Score: 0.97% | Published: 2016-12-13 | Updated: 2016-12-16
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
Max CVSS: 9.8 | EPSS Score: 2.12% | Published: 2016-12-13 | Updated: 2016-12-16
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
Max CVSS: 9.8 | EPSS Score: 2.70% | Published: 2016-12-13 | Updated: 2016-12-16