CVEdetails.com the ultimate security vulnerability data source

Imagemagick : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Description
1 CVE-2017-15032 400 2017-10-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
2 CVE-2017-15017 476 2017-10-04 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
3 CVE-2017-15016 476 2017-10-04 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
4 CVE-2017-15015 476 2017-10-04 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
5 CVE-2017-14684 399 DoS 2017-09-21 2017-09-26
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
6 CVE-2017-14626 476 2017-09-21 2017-09-22
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
7 CVE-2017-14625 476 2017-09-21 2017-09-22
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
8 CVE-2017-14624 476 2017-09-21 2017-09-23
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
9 CVE-2017-14532 476 2017-09-17 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
10 CVE-2017-14531 399 2017-09-17 2017-09-20
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
11 CVE-2017-14341 400 2017-09-12 2017-09-15
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
12 CVE-2017-14325 399 DoS 2017-09-12 2017-09-20
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
13 CVE-2017-14175 399 2017-09-07 2017-11-12
7.1
None Remote Medium Not required None None Complete
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
14 CVE-2017-14174 399 2017-09-07 2017-11-12
7.1
None Remote Medium Not required None None Complete
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
15 CVE-2017-14172 399 2017-09-07 2017-11-12
7.1
None Remote Medium Not required None None Complete
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
16 CVE-2017-14138 119 Overflow 2017-09-04 2017-11-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
17 CVE-2017-14137 119 Overflow 2017-09-04 2017-11-12
7.5
None Remote Low Not required Partial Partial Partial
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
18 CVE-2017-13139 125 2017-08-23 2017-11-18
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
19 CVE-2017-13133 399 DoS 2017-08-22 2017-11-12
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
20 CVE-2017-12875 399 DoS 2017-08-29 2017-08-31
7.1
None Remote Medium Not required None None Complete
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
21 CVE-2017-12693 399 DoS 2017-09-01 2017-11-12
7.1
None Remote Medium Not required None None Complete
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
22 CVE-2017-12692 399 DoS 2017-09-01 2017-11-12
7.1
None Remote Medium Not required None None Complete
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
23 CVE-2017-12691 399 DoS 2017-09-01 2017-11-12
7.1
None Remote Medium Not required None None Complete
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
24 CVE-2017-12674 399 DoS 2017-08-07 2017-08-08
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
25 CVE-2017-12643 399 2017-08-07 2017-08-10
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
26 CVE-2017-12563 399 DoS 2017-08-05 2017-08-08
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.
27 CVE-2017-12435 399 DoS 2017-08-04 2017-08-08
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
28 CVE-2017-12432 399 DoS 2017-08-04 2017-11-06
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
29 CVE-2017-12430 399 DoS 2017-08-04 2017-08-08
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
30 CVE-2017-12429 399 DoS 2017-08-04 2017-08-04
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
31 CVE-2017-12140 399 2017-08-02 2017-11-12
7.1
None Remote Medium Not required None None Complete
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
32 CVE-2017-11530 400 DoS 2017-07-22 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
33 CVE-2017-11527 400 DoS 2017-07-22 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
34 CVE-2017-11526 400 DoS 2017-07-22 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
35 CVE-2017-11525 399 DoS 2017-07-22 2017-07-26
7.1
None Remote Medium Not required None None Complete
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
36 CVE-2017-11523 399 DoS 2017-07-22 2017-11-06
7.1
None Remote Medium Not required None None Complete
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
37 CVE-2017-11505 399 DoS 2017-07-21 2017-07-25
7.1
None Remote Medium Not required None None Complete
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
38 CVE-2017-11478 399 DoS 2017-07-20 2017-07-25
7.1
None Remote Medium Not required None None Complete
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
39 CVE-2017-11446 399 2017-07-19 2017-11-06
7.1
None Remote Medium Not required None None Complete
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
40 CVE-2017-11188 399 2017-07-12 2017-07-17
7.8
None Remote Low Not required None None Complete
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
41 CVE-2017-11166 399 2017-07-10 2017-07-13
7.1
None Remote Medium Not required None None Complete
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.
42 CVE-2017-11141 119 Overflow 2017-07-09 2017-07-13
7.1
None Remote Medium Not required None None Complete
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
43 CVE-2017-8765 399 2017-05-04 2017-11-03
7.1
None Remote Medium Not required None None Complete
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
44 CVE-2017-5511 119 Overflow 2017-03-24 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
45 CVE-2017-5507 399 DoS 2017-03-24 2017-11-03
7.8
None Remote Low Not required None None Complete
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
46 CVE-2016-10252 399 2017-03-14 2017-11-03
7.8
None Remote Low Not required None None Complete
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
47 CVE-2016-10146 399 DoS 2017-03-24 2017-11-03
7.8
None Remote Low Not required None None Complete
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
48 CVE-2016-10145 189 2017-03-24 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
49 CVE-2016-10144 284 2017-03-24 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
50 CVE-2016-10058 400 DoS 2017-03-23 2017-03-24
7.1
None Remote Medium Not required None None Complete
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
Total number of vulnerabilities: 76 (page 1 of 2)