CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick » Imagemagick : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-15140 416 DoS 2019-08-18 2019-08-28
6.8
None Remote Medium Not required Partial Partial Partial
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
2 CVE-2019-13391 125 2019-07-07 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
3 CVE-2019-13308 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
4 CVE-2019-13307 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
5 CVE-2019-13306 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
6 CVE-2019-13305 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
7 CVE-2019-13304 119 Overflow 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
8 CVE-2019-13303 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
9 CVE-2019-13302 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
10 CVE-2019-13300 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
11 CVE-2019-13299 125 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
12 CVE-2019-13298 119 Overflow 2019-07-04 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
13 CVE-2019-13297 125 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
14 CVE-2019-13295 125 2019-07-04 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
15 CVE-2019-13136 190 Overflow 2019-07-01 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
16 CVE-2019-13135 20 2019-07-01 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
17 CVE-2019-12979 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
18 CVE-2019-12978 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
19 CVE-2019-12977 665 2019-06-26 2019-06-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
20 CVE-2019-9956 119 DoS Exec Code Overflow 2019-03-23 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
21 CVE-2018-16413 125 2018-09-03 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
22 CVE-2018-16412 125 2018-09-03 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
23 CVE-2018-12600 787 2018-06-20 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
24 CVE-2018-12599 787 2018-06-20 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
25 CVE-2018-11625 125 2018-05-31 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
26 CVE-2018-11624 416 2018-05-31 2018-06-06
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
27 CVE-2018-9135 125 2018-03-30 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
28 CVE-2018-8960 125 2018-03-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
29 CVE-2018-8804 415 DoS 2018-03-20 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
30 CVE-2018-5248 119 Overflow 2018-01-05 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
31 CVE-2017-18209 476 2018-03-01 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
32 CVE-2017-17880 125 2017-12-27 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
33 CVE-2017-17879 125 2017-12-27 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
34 CVE-2017-16546 119 DoS Overflow 2017-11-05 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
35 CVE-2017-15281 119 DoS Overflow 2017-10-12 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
36 CVE-2017-15017 476 2017-10-04 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
37 CVE-2017-15016 476 2017-10-04 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
38 CVE-2017-15015 476 2017-10-04 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
39 CVE-2017-14682 119 DoS Overflow 2017-09-21 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
40 CVE-2017-14224 119 DoS Exec Code Overflow 2017-09-08 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
41 CVE-2017-13146 772 2017-08-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
42 CVE-2017-12983 119 DoS Overflow 2017-08-21 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
43 CVE-2017-12669 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
44 CVE-2017-12668 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
45 CVE-2017-12667 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
46 CVE-2017-12666 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
47 CVE-2017-12665 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
48 CVE-2017-12664 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
49 CVE-2017-12663 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
50 CVE-2017-12662 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
Total number of vulnerabilities : 106   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.