ImageMagick: Security Vulnerabilities, CVEs, Published in 2017 (Denial of service), CVSS score >= 4
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted MNG image file.
Max CVSS: 7.1 | EPSS Score: 0.45% | Published: 2017-12-27 | Updated: 2020-09-08
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted PSD image file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
Max CVSS: 6.5 | EPSS Score: 0.07% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-12-27 | Updated: 2019-10-03
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted WPG image file that triggers a ReadWPGImage call.
Max CVSS: 7.1 | EPSS Score: 0.24% | Published: 2017-12-14 | Updated: 2020-09-08
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted PSD image file.
Max CVSS: 7.1 | EPSS Score: 0.17% | Published: 2017-12-14 | Updated: 2020-08-19
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
Max CVSS: 6.5 | EPSS Score: 0.10% | Published: 2017-12-14 | Updated: 2019-10-03
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
Max CVSS: 8.8 | EPSS Score: 2.14% | Published: 2017-11-05 | Updated: 2020-10-22
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
Max CVSS: 8.8 | EPSS Score: 1.55% | Published: 2017-10-12 | Updated: 2020-09-08
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
Max CVSS: 6.5 | EPSS Score: 0.58% | Published: 2017-09-26 | Updated: 2020-09-08
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.75% | Published: 2017-09-26 | Updated: 2020-09-08
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
Max CVSS: 7.1 | EPSS Score: 0.09% | Published: 2017-09-22 | Updated: 2019-10-03
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
Max CVSS: 8.8 | EPSS Score: 0.61% | Published: 2017-09-21 | Updated: 2018-06-14
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
Max CVSS: 6.5 | EPSS Score: 0.12% | Published: 2017-09-18 | Updated: 2021-03-04
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to cause a denial of service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted image file as input.
Max CVSS: 6.5 | EPSS Score: 0.31% | Published: 2017-09-17 | Updated: 2020-09-08
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
Max CVSS: 6.5 | EPSS Score: 0.43% | Published: 2017-09-12 | Updated: 2020-09-08
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2017-09-12 | Updated: 2019-10-03
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
Max CVSS: 7.1 | EPSS Score: 0.10% | Published: 2017-09-12 | Updated: 2019-10-03
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
Max CVSS: 6.5 | EPSS Score: 0.06% | Published: 2017-09-12 | Updated: 2019-10-03
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
Max CVSS: 6.5 | EPSS Score: 1.01% | Published: 2017-09-11 | Updated: 2020-09-08
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
Max CVSS: 6.5 | EPSS Score: 0.16% | Published: 2017-09-11 | Updated: 2019-10-03