CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-18544 399 2018-10-20 2018-11-20
4.3
None Remote Medium Not required None None Partial
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
2 CVE-2018-18025 125 DoS 2018-10-07 2018-11-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
3 CVE-2018-18024 400 DoS 2018-10-07 2018-10-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
4 CVE-2018-18023 125 DoS 2018-10-07 2018-10-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
5 CVE-2018-18016 399 2018-10-05 2018-10-25
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
6 CVE-2018-17967 399 2018-10-03 2018-10-25
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
7 CVE-2018-17966 399 2018-10-03 2018-10-25
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
8 CVE-2018-17965 399 2018-10-03 2018-10-25
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
9 CVE-2018-16750 399 2018-09-09 2018-10-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
10 CVE-2018-16749 476 DoS 2018-09-09 2018-10-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
11 CVE-2018-16645 399 DoS 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
12 CVE-2018-16644 20 DoS 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
13 CVE-2018-16643 20 DoS 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
14 CVE-2018-16642 787 DoS 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
15 CVE-2018-16641 399 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.
16 CVE-2018-16640 399 2018-09-06 2018-10-25
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
17 CVE-2018-16323 200 +Info 2018-09-01 2018-11-21
4.3
None Remote Medium Not required Partial None None
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
18 CVE-2018-14437 399 2018-07-19 2018-10-05
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
19 CVE-2018-14436 399 2018-07-19 2018-10-05
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
20 CVE-2018-14435 399 2018-07-19 2018-10-05
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
21 CVE-2018-14434 399 2018-07-19 2018-10-05
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
22 CVE-2018-13153 399 2018-07-04 2018-08-27
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
23 CVE-2018-11656 399 DoS 2018-06-01 2018-06-27
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
24 CVE-2018-11655 399 DoS 2018-06-01 2018-06-27
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
25 CVE-2018-11251 119 DoS Overflow 2018-05-18 2018-07-27
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
26 CVE-2018-10805 400 2018-05-08 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
27 CVE-2018-10804 400 2018-05-08 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
28 CVE-2018-10177 399 DoS 2018-04-16 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
29 CVE-2018-9133 399 DoS 2018-03-30 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
30 CVE-2018-7470 119 DoS Overflow 2018-02-25 2018-03-17
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
31 CVE-2018-7443 399 DoS 2018-02-23 2018-06-13
4.3
None Remote Medium Not required None None Partial
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
32 CVE-2018-6930 119 DoS Overflow 2018-02-13 2018-03-16
4.3
None Remote Medium Not required None None Partial
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.
33 CVE-2018-6876 119 DoS Overflow 2018-02-09 2018-03-08
4.3
None Remote Medium Not required None None Partial
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.
34 CVE-2018-6405 399 DoS 2018-01-30 2018-06-13
4.3
None Remote Medium Not required None None Partial
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
35 CVE-2018-5358 399 2018-01-12 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
36 CVE-2018-5357 399 2018-01-12 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
37 CVE-2018-5247 399 2018-01-05 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
38 CVE-2018-5246 399 2018-01-05 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
39 CVE-2017-1000445 476 DoS 2018-01-02 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
40 CVE-2017-18272 416 DoS 2018-05-18 2018-06-15
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
41 CVE-2017-18254 399 DoS 2018-03-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
42 CVE-2017-18253 476 DoS 2018-03-26 2018-03-30
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
43 CVE-2017-18252 20 DoS 2018-03-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
44 CVE-2017-18251 399 DoS 2018-03-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.
45 CVE-2017-18250 476 DoS 2018-03-26 2018-08-09
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
46 CVE-2017-18029 399 DoS 2018-01-12 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
47 CVE-2017-18027 399 DoS 2018-01-12 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
48 CVE-2017-18022 399 2018-01-05 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
49 CVE-2017-18008 399 2018-01-01 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
50 CVE-2017-17887 399 DoS 2017-12-27 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
Total number of vulnerabilities : 269   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.