Imagemagick : Security Vulnerabilities, CVEs, CVSS score between 5 and 5.99

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).

DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.

ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.

The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.

The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.

magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).

ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.

Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.