CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-7943 399 2017-04-18 2017-04-24
4.3
None Remote Medium Not required None None Partial
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
2 CVE-2017-7942 399 2017-04-18 2017-04-21
4.3
None Remote Medium Not required None None Partial
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
3 CVE-2017-7941 399 2017-04-18 2017-04-21
4.3
None Remote Medium Not required None None Partial
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
4 CVE-2017-7619 2017-04-10 2017-04-14
5.0
None Remote Low Not required None None Partial
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
5 CVE-2017-7606 20 DoS 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
6 CVE-2017-7275 119 DoS Overflow 2017-03-27 2017-03-29
4.3
None Remote Medium Not required None None Partial
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
7 CVE-2017-6502 119 Overflow 2017-03-05 2017-03-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).
8 CVE-2017-6501 476 2017-03-05 2017-03-07
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.
9 CVE-2017-6500 125 2017-03-05 2017-03-07
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
10 CVE-2017-6499 399 2017-03-05 2017-03-07
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
11 CVE-2017-6498 20 2017-03-05 2017-03-07
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
12 CVE-2017-6497 476 2017-03-05 2017-03-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
13 CVE-2017-5511 119 Overflow 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
14 CVE-2017-5510 787 2017-03-24 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
15 CVE-2017-5509 787 2017-03-24 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
16 CVE-2017-5508 119 DoS Overflow 2017-03-24 2017-03-27
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
17 CVE-2017-5507 399 DoS 2017-03-24 2017-03-27
7.8
None Remote Low Not required None None Complete
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
18 CVE-2017-5506 415 2017-03-24 2017-03-27
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
19 CVE-2016-10252 399 2017-03-14 2017-03-16
7.8
None Remote Low Not required None None Complete
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
20 CVE-2016-10146 399 DoS 2017-03-24 2017-03-27
7.8
None Remote Low Not required None None Complete
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
21 CVE-2016-10145 189 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
22 CVE-2016-10144 284 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
23 CVE-2016-10071 125 DoS 2017-03-02 2017-03-07
4.3
None Remote Medium Not required None None Partial
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
24 CVE-2016-10070 125 DoS Overflow 2017-03-03 2017-03-04
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
25 CVE-2016-10069 20 DoS 2017-03-02 2017-03-07
4.3
None Remote Medium Not required None None Partial
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
26 CVE-2016-10068 20 DoS 2017-03-02 2017-03-07
4.3
None Remote Medium Not required None None Partial
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
27 CVE-2016-10067 119 DoS Overflow 2017-03-02 2017-03-07
5.0
None Remote Low Not required None None Partial
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
28 CVE-2016-10066 119 DoS Overflow 2017-03-03 2017-03-04
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
29 CVE-2016-10065 284 DoS 2017-03-03 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
30 CVE-2016-10064 119 DoS Overflow 2017-03-02 2017-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
31 CVE-2016-10063 119 DoS Overflow 2017-03-02 2017-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
32 CVE-2016-10062 388 DoS 2017-03-02 2017-03-07
4.3
None Remote Medium Not required None None Partial
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
33 CVE-2016-10061 20 DoS 2017-03-03 2017-03-04
4.3
None Remote Medium Not required None None Partial
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
34 CVE-2016-10060 20 DoS 2017-03-02 2017-03-07
4.3
None Remote Medium Not required None None Partial
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
35 CVE-2016-10059 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
36 CVE-2016-10058 400 DoS 2017-03-23 2017-03-24
7.1
None Remote Medium Not required None None Complete
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
37 CVE-2016-10057 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
38 CVE-2016-10056 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
39 CVE-2016-10055 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
40 CVE-2016-10054 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
41 CVE-2016-10053 369 DoS 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None None Partial
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
42 CVE-2016-10052 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
43 CVE-2016-10051 416 DoS 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
44 CVE-2016-10050 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
45 CVE-2016-10049 119 DoS Overflow 2017-03-23 2017-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
46 CVE-2016-10048 22 Dir. Trav. 2017-03-23 2017-03-24
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
47 CVE-2016-10047 400 DoS 2017-03-23 2017-03-24
7.1
None Remote Medium Not required None None Complete
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
48 CVE-2016-10046 119 DoS Overflow 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
49 CVE-2016-9773 125 DoS Overflow 2017-02-16 2017-02-23
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
50 CVE-2016-9559 476 DoS 2017-03-01 2017-03-02
4.3
None Remote Medium Not required None None Partial
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
Total number of vulnerabilities : 214   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.