Imagemagick » Imagemagick : Security Vulnerabilities, CVEs, CVSS score >= 9
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
Max CVSS
10.0
EPSS Score
8.89%
Published
2005-02-09
Updated
2017-10-11
CVE-2016-3714
Public exploit
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
Max CVSS
10.0
EPSS Score
96.92%
Published
2016-05-05
Updated
2023-02-12
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Max CVSS
10.0
EPSS Score
74.33%
Published
2016-06-10
Updated
2023-08-01
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
Max CVSS
9.8
EPSS Score
0.60%
Published
2017-03-30
Updated
2017-04-04
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
Max CVSS
9.8
EPSS Score
1.36%
Published
2017-03-20
Updated
2018-10-30
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-03-20
Updated
2018-10-30
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
Max CVSS
9.8
EPSS Score
1.35%
Published
2017-03-20
Updated
2018-10-30
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
Max CVSS
9.8
EPSS Score
2.29%
Published
2017-03-20
Updated
2018-10-30
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
Max CVSS
9.8
EPSS Score
1.19%
Published
2017-03-17
Updated
2018-10-30
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
9.8
EPSS Score
0.70%
Published
2016-06-04
Updated
2016-09-23
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
1.63%
Published
2017-03-15
Updated
2018-08-04
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
Max CVSS
9.8
EPSS Score
0.75%
Published
2016-12-13
Updated
2016-12-16
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
Max CVSS
9.8
EPSS Score
2.70%
Published
2016-12-13
Updated
2016-12-16
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
Max CVSS
9.8
EPSS Score
2.12%
Published
2016-12-13
Updated
2016-12-16
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
Max CVSS
9.8
EPSS Score
0.97%
Published
2016-12-13
Updated
2016-12-16
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
Max CVSS
9.8
EPSS Score
9.69%
Published
2016-12-13
Updated
2016-12-15
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
Max CVSS
9.8
EPSS Score
1.20%
Published
2017-03-24
Updated
2017-11-04
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
Max CVSS
9.8
EPSS Score
1.06%
Published
2017-03-24
Updated
2017-11-04
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
1.33%
Published
2017-03-24
Updated
2017-11-04
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
Max CVSS
9.8
EPSS Score
1.00%
Published
2017-08-23
Updated
2020-10-14
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
Max CVSS
9.8
EPSS Score
0.34%
Published
2017-09-04
Updated
2019-10-03
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
Max CVSS
9.8
EPSS Score
0.70%
Published
2017-09-18
Updated
2020-09-08
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
Max CVSS
9.8
EPSS Score
0.70%
Published
2017-09-21
Updated
2020-09-08
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
Max CVSS
9.8
EPSS Score
0.70%
Published
2017-09-21
Updated
2020-09-08
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
Max CVSS
9.8
EPSS Score
0.96%
Published
2017-09-21
Updated
2020-09-08