Imagemagick : Security Vulnerabilities, CVEs, (Denial of service) CVSS score >= 6
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
Max CVSS
6.2
EPSS Score
0.04%
Published
2023-10-04
Updated
2023-10-10
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
Max CVSS
7.1
EPSS Score
0.08%
Published
2023-08-22
Updated
2024-03-15
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
Max CVSS
6.5
EPSS Score
1.10%
Published
2023-02-06
Updated
2023-03-11
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Max CVSS
7.1
EPSS Score
0.06%
Published
2022-04-29
Updated
2022-05-11
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
Max CVSS
7.1
EPSS Score
0.09%
Published
2022-08-29
Updated
2022-09-01
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
Max CVSS
6.5
EPSS Score
0.18%
Published
2019-11-11
Updated
2021-04-28
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
Max CVSS
6.5
EPSS Score
0.13%
Published
2019-08-18
Updated
2023-03-03
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
Max CVSS
8.8
EPSS Score
2.69%
Published
2019-08-18
Updated
2020-07-03
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
Max CVSS
6.5
EPSS Score
0.72%
Published
2019-08-18
Updated
2020-09-08
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
Max CVSS
6.5
EPSS Score
1.23%
Published
2019-08-12
Updated
2020-08-19
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
Max CVSS
6.5
EPSS Score
0.42%
Published
2019-08-12
Updated
2023-03-02
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
Max CVSS
8.1
EPSS Score
2.92%
Published
2019-04-29
Updated
2020-09-08
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
4.94%
Published
2019-04-29
Updated
2020-08-19
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
Max CVSS
6.5
EPSS Score
2.00%
Published
2019-04-23
Updated
2020-08-19
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
Max CVSS
7.1
EPSS Score
2.03%
Published
2019-04-23
Updated
2020-08-19
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
1.20%
Published
2019-03-30
Updated
2019-05-14
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Max CVSS
8.8
EPSS Score
0.99%
Published
2019-03-24
Updated
2020-08-24
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Max CVSS
6.5
EPSS Score
0.44%
Published
2018-12-26
Updated
2021-04-28
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
Max CVSS
6.5
EPSS Score
0.15%
Published
2018-10-07
Updated
2020-09-08
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Max CVSS
6.5
EPSS Score
0.34%
Published
2018-10-07
Updated
2020-08-19
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-10-07
Updated
2019-06-25
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
Max CVSS
6.5
EPSS Score
0.22%
Published
2018-09-09
Updated
2021-04-28
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
Max CVSS
6.5
EPSS Score
1.55%
Published
2018-09-06
Updated
2019-10-03
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
Max CVSS
6.5
EPSS Score
1.52%
Published
2018-09-06
Updated
2020-08-24
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
Max CVSS
6.5
EPSS Score
0.99%
Published
2018-09-06
Updated
2020-09-08