CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-16713 772 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
2 CVE-2019-16712 772 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
3 CVE-2019-16711 772 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
4 CVE-2019-16710 772 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
5 CVE-2019-16709 772 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
6 CVE-2019-16708 772 2019-09-23 2019-09-23
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
7 CVE-2019-15141 125 2019-08-18 2019-08-22
4.3
None Remote Medium Not required None None Partial
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
8 CVE-2019-15140 416 DoS 2019-08-18 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
9 CVE-2019-15139 125 2019-08-18 2019-08-28
4.3
None Remote Medium Not required None None Partial
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
10 CVE-2019-14981 369 DoS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
11 CVE-2019-14980 416 DoS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
12 CVE-2019-13454 369 2019-07-09 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
13 CVE-2019-13391 125 2019-07-07 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
14 CVE-2019-13311 399 2019-07-04 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
15 CVE-2019-13310 399 2019-07-04 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
16 CVE-2019-13309 399 2019-07-04 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
17 CVE-2019-13308 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
18 CVE-2019-13307 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
19 CVE-2019-13306 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
20 CVE-2019-13305 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
21 CVE-2019-13304 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
22 CVE-2019-13303 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
23 CVE-2019-13302 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
24 CVE-2019-13301 399 2019-07-04 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
25 CVE-2019-13300 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
26 CVE-2019-13299 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
27 CVE-2019-13298 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
28 CVE-2019-13297 125 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
29 CVE-2019-13296 399 2019-07-04 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
30 CVE-2019-13295 125 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
31 CVE-2019-13137 399 2019-07-01 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
32 CVE-2019-13136 190 Overflow 2019-07-01 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
33 CVE-2019-13135 20 2019-07-01 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
34 CVE-2019-13134 399 2019-07-01 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
35 CVE-2019-13133 399 2019-07-01 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
36 CVE-2019-12979 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
37 CVE-2019-12978 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
38 CVE-2019-12977 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
39 CVE-2019-12976 399 2019-06-26 2019-06-28
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
40 CVE-2019-12975 399 2019-06-26 2019-06-28
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
41 CVE-2019-12974 476 DoS 2019-06-26 2019-06-28
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
42 CVE-2019-11598 125 DoS 2019-04-29 2019-05-14
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
43 CVE-2019-11597 125 DoS 2019-04-29 2019-05-14
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
44 CVE-2019-11472 369 2019-04-23 2019-06-24
4.3
None Remote Medium Not required None None Partial
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
45 CVE-2019-11470 400 2019-04-23 2019-06-24
7.1
None Remote Medium Not required None None Complete
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
46 CVE-2019-10714 125 2019-04-02 2019-04-03
4.3
None Remote Medium Not required None None Partial
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
47 CVE-2019-10650 125 DoS 2019-03-30 2019-05-14
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
48 CVE-2019-10649 399 DoS 2019-03-30 2019-06-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
49 CVE-2019-10131 119 Overflow 2019-04-30 2019-05-21
3.6
None Local Low Not required Partial None Partial
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
50 CVE-2019-9956 119 DoS Exec Code Overflow 2019-03-23 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Total number of vulnerabilities : 546   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.