| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-1114 |
416 |
|
DoS |
2022-04-29 |
2022-05-11 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. |
|
2 |
CVE-2021-20313 |
|
|
|
2021-05-11 |
2022-10-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. |
|
3 |
CVE-2021-3610 |
125 |
|
Overflow |
2022-02-24 |
2022-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. |
|
4 |
CVE-2020-27752 |
787 |
|
Overflow |
2020-12-08 |
2021-04-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. |
|
5 |
CVE-2020-25664 |
787 |
|
|
2020-12-08 |
2021-12-16 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. |
|
6 |
CVE-2020-13902 |
125 |
|
|
2020-06-07 |
2020-06-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. |
|
7 |
CVE-2019-11598 |
125 |
|
DoS |
2019-04-29 |
2020-09-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. |
|
8 |
CVE-2019-11597 |
125 |
|
DoS |
2019-04-29 |
2020-08-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. |
|
9 |
CVE-2019-10650 |
125 |
|
DoS |
2019-03-30 |
2019-05-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. |
|
10 |
CVE-2019-7398 |
401 |
|
|
2019-02-05 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. |
|
11 |
CVE-2019-7397 |
401 |
|
|
2019-02-05 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
|
12 |
CVE-2019-7396 |
401 |
|
|
2019-02-05 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. |
|
13 |
CVE-2019-7395 |
401 |
|
|
2019-02-05 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. |
|
14 |
CVE-2019-7175 |
401 |
|
|
2019-03-07 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. |
|
15 |
CVE-2017-15033 |
772 |
|
|
2017-10-05 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. |
|
16 |
CVE-2017-14739 |
476 |
|
DoS |
2017-09-26 |
2020-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. |
|
17 |
CVE-2017-14607 |
125 |
|
|
2017-09-20 |
2019-04-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. |
|
18 |
CVE-2017-14137 |
400 |
|
|
2017-09-04 |
2019-05-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. |
|
19 |
CVE-2017-13143 |
200 |
|
+Info |
2017-08-23 |
2018-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. |
|
20 |
CVE-2017-12806 |
400 |
|
DoS |
2019-05-09 |
2020-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. |
|
21 |
CVE-2017-12805 |
400 |
|
DoS |
2019-05-09 |
2020-08-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. |
|
22 |
CVE-2017-12428 |
772 |
|
DoS |
2017-08-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. |
|
23 |
CVE-2017-12418 |
772 |
|
|
2017-08-04 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. |
|
24 |
CVE-2017-9098 |
908 |
|
+Info |
2017-05-19 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. |
|
25 |
CVE-2017-7619 |
835 |
|
|
2017-04-10 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. |
|
26 |
CVE-2017-6497 |
476 |
|
|
2017-03-06 |
2019-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). |
|
27 |
CVE-2016-10067 |
119 |
|
DoS Overflow |
2017-03-02 |
2017-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. |
|
28 |
CVE-2016-10048 |
22 |
|
Dir. Trav. |
2017-03-23 |
2017-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. |
|
29 |
CVE-2016-6823 |
190 |
|
DoS Overflow |
2017-01-18 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. |
|
30 |
CVE-2016-5842 |
125 |
|
+Info |
2016-12-13 |
2021-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. |
|
31 |
CVE-2016-3715 |
284 |
|
|
2016-05-05 |
2023-02-12 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. |
|
32 |
CVE-2015-8895 |
190 |
|
DoS Overflow |
2017-03-15 |
2018-05-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. |
|
33 |
CVE-2014-9854 |
399 |
|
DoS |
2017-03-17 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." |
|
34 |
CVE-2014-9851 |
20 |
|
DoS |
2017-03-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). |
|
35 |
CVE-2014-9850 |
399 |
|
DoS |
2017-03-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). |
|
36 |
CVE-2014-9849 |
400 |
|
DoS |
2017-03-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). |
|
37 |
CVE-2014-9848 |
399 |
|
DoS |
2017-03-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). |
|
38 |
CVE-2014-9842 |
400 |
|
DoS |
2017-03-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
|
39 |
CVE-2014-9839 |
119 |
|
DoS Overflow |
2017-03-22 |
2017-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). |
|
40 |
CVE-2014-9804 |
|
|
DoS |
2017-03-30 |
2017-04-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." |
|
41 |
CVE-2012-1610 |
190 |
|
DoS Overflow |
2012-06-05 |
2020-08-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. |
|
42 |
CVE-2006-5456 |
119 |
|
DoS Exec Code Overflow |
2006-10-23 |
2018-10-17 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. |
|
43 |
CVE-2006-3744 |
189 |
|
Exec Code Overflow |
2006-08-25 |
2017-10-11 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. |
|
44 |
CVE-2006-3743 |
|
|
Exec Code Overflow |
2006-08-25 |
2017-10-11 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. |
|
45 |
CVE-2006-0082 |
134 |
|
DoS Exec Code |
2006-01-04 |
2018-10-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. |
|
46 |
CVE-2005-1739 |
|
|
DoS |
2005-05-24 |
2018-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. |
|
47 |
CVE-2005-1275 |
|
|
DoS Overflow |
2005-04-25 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. |
|
48 |
CVE-2005-0761 |
|
|
DoS |
2005-03-23 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file. |
|
49 |
CVE-2005-0760 |
|
|
DoS |
2005-05-02 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. |
|
50 |
CVE-2005-0759 |
|
|
DoS |
2005-03-23 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag. |
