Imagemagick » Imagemagick : Security Vulnerabilities, CVEs, Published In 2017 (Information Leak)
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
Max CVSS
6.5
EPSS Score
1.81%
Published
2017-10-12
Updated
2018-10-18
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
Max CVSS
7.5
EPSS Score
0.63%
Published
2017-08-23
Updated
2018-06-14
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
Max CVSS
6.5
EPSS Score
0.22%
Published
2017-07-19
Updated
2021-04-28
3 vulnerabilities found