|
Imagemagick » Imagemagick : Security Vulnerabilities (CVSS score >= 9)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2016-3714 |
20 |
|
Exec Code |
2016-05-05 |
2023-02-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. |
2 |
CVE-2009-1882 |
189 |
|
DoS Exec Code Overflow |
2009-06-02 |
2018-10-10 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. |
3 |
CVE-2007-4987 |
189 |
|
Exec Code |
2007-09-24 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. |
4 |
CVE-2007-1667 |
189 |
|
DoS Overflow +Info |
2007-03-24 |
2018-10-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. |
5 |
CVE-2007-0770 |
|
|
DoS Exec Code Overflow |
2007-02-12 |
2018-10-16 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. |
6 |
CVE-2006-5868 |
|
|
Overflow |
2006-11-22 |
2018-10-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. |
7 |
CVE-2004-0981 |
|
|
Exec Code Overflow |
2005-02-09 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file. |
Total number of vulnerabilities : 7
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.