CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-15281 119 DoS Overflow 2017-10-12 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
2 CVE-2017-15277 200 +Info 2017-10-12 2017-10-19
4.3
None Remote Medium Not required Partial None None
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
3 CVE-2017-15218 400 2017-10-10 2017-10-19
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
4 CVE-2017-15217 400 2017-10-10 2017-10-19
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
5 CVE-2017-15033 399 2017-10-05 2017-10-12
5.0
None Remote Low Not required None None Partial
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
6 CVE-2017-15032 400 2017-10-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
7 CVE-2017-15017 476 2017-10-04 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
8 CVE-2017-15016 476 2017-10-04 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
9 CVE-2017-15015 476 2017-10-04 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
10 CVE-2017-14989 416 2017-10-02 2017-10-12
4.3
None Remote Medium Not required None None Partial
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
11 CVE-2017-14741 20 DoS 2017-09-25 2017-09-28
4.3
None Remote Medium Not required None None Partial
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
12 CVE-2017-14739 476 DoS 2017-09-25 2017-09-28
5.0
None Remote Low Not required None None Partial
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
13 CVE-2017-14684 399 DoS 2017-09-21 2017-09-26
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
14 CVE-2017-14682 119 DoS Overflow 2017-09-21 2017-09-26
6.8
None Remote Medium Not required Partial Partial Partial
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
15 CVE-2017-14626 476 2017-09-21 2017-09-22
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
16 CVE-2017-14625 476 2017-09-21 2017-09-22
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
17 CVE-2017-14624 476 2017-09-21 2017-09-23
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
18 CVE-2017-14607 125 2017-09-20 2017-09-23
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
19 CVE-2017-14533 119 Overflow 2017-09-17 2017-09-20
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
20 CVE-2017-14532 476 2017-09-17 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
21 CVE-2017-14531 399 2017-09-17 2017-09-20
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
22 CVE-2017-14528 416 DoS 2017-09-17 2017-09-20
4.3
None Remote Medium Not required None None Partial
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
23 CVE-2017-14505 476 DoS 2017-09-17 2017-09-20
4.3
None Remote Medium Not required None None Partial
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
24 CVE-2017-14400 476 DoS 2017-09-12 2017-09-20
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
25 CVE-2017-14343 119 Overflow 2017-09-12 2017-09-15
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
26 CVE-2017-14342 400 2017-09-12 2017-09-15
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
27 CVE-2017-14341 400 2017-09-12 2017-09-15
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
28 CVE-2017-14326 119 DoS Overflow 2017-09-12 2017-09-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
29 CVE-2017-14325 399 DoS 2017-09-12 2017-09-20
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
30 CVE-2017-14324 119 DoS Overflow 2017-09-12 2017-09-19
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
31 CVE-2017-14249 369 DoS 2017-09-11 2017-09-14
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
32 CVE-2017-14248 119 DoS Overflow 2017-09-11 2017-09-13
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
33 CVE-2017-14224 119 DoS Exec Code Overflow 2017-09-08 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
34 CVE-2017-14175 399 2017-09-07 2017-09-08
7.1
None Remote Medium Not required None None Complete
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
35 CVE-2017-14174 399 2017-09-07 2017-09-08
7.1
None Remote Medium Not required None None Complete
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
36 CVE-2017-14173 190 Overflow 2017-09-07 2017-09-08
4.3
None Remote Medium Not required None None Partial
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
37 CVE-2017-14172 399 2017-09-07 2017-09-08
7.1
None Remote Medium Not required None None Complete
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
38 CVE-2017-14139 119 Overflow 2017-09-04 2017-09-06
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
39 CVE-2017-14138 119 Overflow 2017-09-04 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
40 CVE-2017-14137 119 Overflow 2017-09-04 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
41 CVE-2017-14060 476 DoS 2017-08-31 2017-09-04
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
42 CVE-2017-13769 119 DoS Overflow 2017-08-30 2017-08-31
4.3
None Remote Medium Not required None None Partial
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
43 CVE-2017-13768 476 DoS 2017-08-30 2017-09-02
4.3
None Remote Medium Not required None None Partial
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
44 CVE-2017-13758 119 Overflow 2017-08-29 2017-08-31
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
45 CVE-2017-13658 20 DoS 2017-08-24 2017-08-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
46 CVE-2017-13146 119 Overflow 2017-08-23 2017-08-25
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
47 CVE-2017-13145 20 2017-08-23 2017-08-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
48 CVE-2017-13144 20 2017-08-23 2017-08-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
49 CVE-2017-13143 200 +Info 2017-08-23 2017-08-25
5.0
None Remote Low Not required Partial None None
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
50 CVE-2017-13142 754 2017-08-23 2017-08-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
Total number of vulnerabilities : 402   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.