| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-20467 |
399 |
|
DoS |
2018-12-25 |
2019-01-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. |
|
2 |
CVE-2018-18544 |
399 |
|
|
2018-10-20 |
2018-11-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. |
|
3 |
CVE-2018-18025 |
125 |
|
DoS |
2018-10-07 |
2018-11-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. |
|
4 |
CVE-2018-18024 |
400 |
|
DoS |
2018-10-07 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. |
|
5 |
CVE-2018-18023 |
125 |
|
DoS |
2018-10-07 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. |
|
6 |
CVE-2018-18016 |
399 |
|
|
2018-10-05 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. |
|
7 |
CVE-2018-17967 |
399 |
|
|
2018-10-03 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. |
|
8 |
CVE-2018-17966 |
399 |
|
|
2018-10-03 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. |
|
9 |
CVE-2018-17965 |
399 |
|
|
2018-10-03 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. |
|
10 |
CVE-2018-16750 |
399 |
|
|
2018-09-09 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. |
|
11 |
CVE-2018-16749 |
476 |
|
DoS |
2018-09-09 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. |
|
12 |
CVE-2018-16645 |
399 |
|
DoS |
2018-09-06 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. |
|
13 |
CVE-2018-16644 |
20 |
|
DoS |
2018-09-06 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. |
|
14 |
CVE-2018-16643 |
20 |
|
DoS |
2018-09-06 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. |
|
15 |
CVE-2018-16642 |
787 |
|
DoS |
2018-09-06 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. |
|
16 |
CVE-2018-16641 |
399 |
|
|
2018-09-06 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. |
|
17 |
CVE-2018-16640 |
399 |
|
|
2018-09-06 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. |
|
18 |
CVE-2018-16323 |
200 |
|
+Info |
2018-09-01 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. |
|
19 |
CVE-2018-14437 |
399 |
|
|
2018-07-19 |
2018-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. |
|
20 |
CVE-2018-14436 |
399 |
|
|
2018-07-19 |
2018-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. |
|
21 |
CVE-2018-14435 |
399 |
|
|
2018-07-19 |
2018-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. |
|
22 |
CVE-2018-14434 |
399 |
|
|
2018-07-19 |
2018-10-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. |
|
23 |
CVE-2018-13153 |
399 |
|
|
2018-07-04 |
2018-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. |
|
24 |
CVE-2018-11656 |
399 |
|
DoS |
2018-06-01 |
2018-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. |
|
25 |
CVE-2018-11655 |
399 |
|
DoS |
2018-06-01 |
2018-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. |
|
26 |
CVE-2018-11251 |
119 |
|
DoS Overflow |
2018-05-18 |
2018-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. |
|
27 |
CVE-2018-10805 |
400 |
|
|
2018-05-08 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. |
|
28 |
CVE-2018-10804 |
400 |
|
|
2018-05-08 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. |
|
29 |
CVE-2018-10177 |
399 |
|
DoS |
2018-04-16 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. |
|
30 |
CVE-2018-9133 |
399 |
|
DoS |
2018-03-30 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. |
|
31 |
CVE-2018-7470 |
119 |
|
DoS Overflow |
2018-02-25 |
2018-03-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. |
|
32 |
CVE-2018-7443 |
399 |
|
DoS |
2018-02-23 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). |
|
33 |
CVE-2018-6930 |
119 |
|
DoS Overflow |
2018-02-13 |
2018-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. |
|
34 |
CVE-2018-6876 |
119 |
|
DoS Overflow |
2018-02-09 |
2018-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. |
|
35 |
CVE-2018-6405 |
399 |
|
DoS |
2018-01-30 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. |
|
36 |
CVE-2018-5358 |
399 |
|
|
2018-01-12 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. |
|
37 |
CVE-2018-5357 |
399 |
|
|
2018-01-12 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. |
|
38 |
CVE-2018-5247 |
399 |
|
|
2018-01-05 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. |
|
39 |
CVE-2018-5246 |
399 |
|
|
2018-01-05 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. |
|
40 |
CVE-2017-1000445 |
476 |
|
DoS |
2018-01-02 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service |
|
41 |
CVE-2017-18272 |
416 |
|
DoS |
2018-05-18 |
2018-06-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. |
|
42 |
CVE-2017-18254 |
399 |
|
DoS |
2018-03-26 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. |
|
43 |
CVE-2017-18253 |
476 |
|
DoS |
2018-03-26 |
2018-03-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. |
|
44 |
CVE-2017-18252 |
20 |
|
DoS |
2018-03-26 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. |
|
45 |
CVE-2017-18251 |
399 |
|
DoS |
2018-03-26 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. |
|
46 |
CVE-2017-18250 |
476 |
|
DoS |
2018-03-26 |
2018-08-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file. |
|
47 |
CVE-2017-18029 |
399 |
|
DoS |
2018-01-12 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. |
|
48 |
CVE-2017-18027 |
399 |
|
DoS |
2018-01-12 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. |
|
49 |
CVE-2017-18022 |
399 |
|
|
2018-01-05 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. |
|
50 |
CVE-2017-18008 |
399 |
|
|
2018-01-01 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. |
