Imagemagick : Security Vulnerabilities, CVEs, (Overflow) CVSS score >= 9
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
Max CVSS
9.8
EPSS Score
0.93%
Published
2019-12-24
Updated
2022-10-31
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
1.33%
Published
2017-03-24
Updated
2017-11-04
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
Max CVSS
9.1
EPSS Score
0.62%
Published
2016-12-13
Updated
2021-04-13
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
Max CVSS
9.8
EPSS Score
9.69%
Published
2016-12-13
Updated
2016-12-15
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
9.8
EPSS Score
0.70%
Published
2016-06-04
Updated
2016-09-23
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
Max CVSS
9.8
EPSS Score
2.29%
Published
2017-03-20
Updated
2018-10-30
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
Max CVSS
9.8
EPSS Score
1.35%
Published
2017-03-20
Updated
2018-10-30
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-03-20
Updated
2018-10-30
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
5.46%
Published
2009-06-02
Updated
2018-10-10
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.
Max CVSS
9.3
EPSS Score
2.94%
Published
2007-03-24
Updated
2018-10-16
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
Max CVSS
9.3
EPSS Score
4.03%
Published
2007-02-12
Updated
2018-10-16
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
Max CVSS
10.0
EPSS Score
8.89%
Published
2005-02-09
Updated
2017-10-11
12 vulnerabilities found