Imagemagick : Security Vulnerabilities, CVEs, CVSS score >= 8
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Max CVSS
9.8
EPSS Score
0.39%
Published
2023-05-30
Updated
2023-08-31
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
Max CVSS
9.8
EPSS Score
0.47%
Published
2019-12-24
Updated
2020-01-02
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
Max CVSS
9.1
EPSS Score
0.33%
Published
2019-12-24
Updated
2022-10-31
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
Max CVSS
9.8
EPSS Score
0.93%
Published
2019-12-24
Updated
2022-10-31
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
Max CVSS
8.8
EPSS Score
0.29%
Published
2019-10-14
Updated
2019-10-18
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
Max CVSS
8.8
EPSS Score
0.43%
Published
2019-10-14
Updated
2021-04-20
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
Max CVSS
8.8
EPSS Score
0.22%
Published
2019-10-14
Updated
2021-04-20
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
Max CVSS
8.8
EPSS Score
2.69%
Published
2019-08-18
Updated
2020-07-03
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
Max CVSS
8.8
EPSS Score
0.97%
Published
2019-07-07
Updated
2020-09-08
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
Max CVSS
8.8
EPSS Score
0.62%
Published
2019-07-05
Updated
2023-03-02
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
Max CVSS
8.8
EPSS Score
0.39%
Published
2019-07-05
Updated
2023-03-02
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
Max CVSS
8.8
EPSS Score
0.26%
Published
2019-07-05
Updated
2023-03-02
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
Max CVSS
8.8
EPSS Score
0.62%
Published
2019-07-05
Updated
2023-02-23
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
Max CVSS
8.8
EPSS Score
0.26%
Published
2019-07-05
Updated
2023-03-02
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
Max CVSS
8.8
EPSS Score
0.27%
Published
2019-07-05
Updated
2023-03-02
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
Max CVSS
8.8
EPSS Score
0.33%
Published
2019-07-05
Updated
2020-08-19
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
Max CVSS
8.8
EPSS Score
0.33%
Published
2019-07-05
Updated
2020-08-19
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
Max CVSS
8.8
EPSS Score
0.71%
Published
2019-07-01
Updated
2021-04-28
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
Max CVSS
8.1
EPSS Score
2.33%
Published
2019-04-29
Updated
2020-09-08
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
4.94%
Published
2019-04-29
Updated
2020-08-19
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
1.20%
Published
2019-03-30
Updated
2019-05-14
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Max CVSS
8.8
EPSS Score
0.99%
Published
2019-03-24
Updated
2020-08-24
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
Max CVSS
8.8
EPSS Score
0.66%
Published
2018-09-03
Updated
2019-10-03
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
Max CVSS
8.8
EPSS Score
0.49%
Published
2018-09-03
Updated
2019-10-03
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
Max CVSS
9.8
EPSS Score
0.14%
Published
2018-09-01
Updated
2018-10-25