CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick » Imagemagick » 7.0.6-1 : Security Vulnerabilities

Cpe Name:cpe:/a:imagemagick:imagemagick:7.0.6-1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-6405 399 DoS 2018-01-30 2018-06-13
4.3
None Remote Medium Not required None None Partial
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
2 CVE-2017-17504 119 Overflow 2017-12-10 2018-06-13
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
3 CVE-2017-17499 416 2017-12-10 2018-06-13
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
4 CVE-2017-15277 200 +Info 2017-10-12 2018-10-18
4.3
None Remote Medium Not required Partial None None
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
5 CVE-2017-14175 399 2017-09-07 2018-06-13
7.1
None Remote Medium Not required None None Complete
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
6 CVE-2017-13658 20 DoS 2017-08-24 2017-08-25
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
7 CVE-2017-13141 119 Overflow 2017-08-23 2017-11-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
8 CVE-2017-13140 119 DoS Overflow 2017-08-23 2017-11-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
9 CVE-2017-12667 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
10 CVE-2017-12644 119 Overflow 2017-08-07 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
11 CVE-2017-12643 399 2017-08-07 2018-06-13
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
12 CVE-2017-12642 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
13 CVE-2017-12641 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
14 CVE-2017-12640 125 2017-08-07 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
15 CVE-2017-12587 20 2017-08-06 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
16 CVE-2017-12435 399 DoS 2017-08-04 2018-06-13
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
17 CVE-2017-12434 20 DoS 2017-08-04 2017-11-06
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
18 CVE-2017-12433 119 DoS Overflow 2017-08-04 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
19 CVE-2017-12432 399 DoS 2017-08-04 2018-06-13
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
20 CVE-2017-12431 416 DoS 2017-08-04 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
21 CVE-2017-12430 399 DoS 2017-08-04 2018-06-13
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
22 CVE-2017-12429 399 DoS 2017-08-04 2018-06-13
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
23 CVE-2017-12428 119 DoS Overflow 2017-08-04 2017-11-06
5.0
None Remote Low Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
24 CVE-2017-12427 119 DoS Overflow 2017-08-04 2017-11-12
4.3
None Remote Medium Not required None None Partial
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
25 CVE-2017-12140 399 2017-08-02 2018-06-13
7.1
None Remote Medium Not required None None Complete
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
26 CVE-2017-11724 399 2017-07-29 2018-07-04
4.3
None Remote Medium Not required None None Partial
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
27 CVE-2017-11644 119 Overflow 2017-07-26 2017-07-31
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
28 CVE-2017-11640 119 Overflow 2017-07-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
29 CVE-2017-11639 119 Overflow 2017-07-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
30 CVE-2017-11540 119 Overflow 2017-07-22 2017-07-28
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
31 CVE-2017-11539 119 Overflow 2017-07-22 2017-07-28
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
32 CVE-2017-11538 119 Overflow 2017-07-22 2017-07-31
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
33 CVE-2017-11537 189 2017-07-22 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
34 CVE-2017-11536 200 +Info 2017-07-22 2017-07-29
4.3
None Remote Medium Not required Partial None None
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
35 CVE-2017-11535 119 Overflow 2017-07-22 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
36 CVE-2017-11534 119 Overflow 2017-07-22 2017-07-31
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
37 CVE-2017-11533 119 Overflow 2017-07-22 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
38 CVE-2017-11532 119 Overflow 2017-07-22 2017-07-31
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
39 CVE-2017-11531 119 Overflow 2017-07-22 2017-07-31
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
40 CVE-2017-11525 399 DoS 2017-07-22 2017-07-26
7.1
None Remote Medium Not required None None Complete
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
41 CVE-2017-11523 399 DoS 2017-07-22 2017-11-06
7.1
None Remote Medium Not required None None Complete
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
42 CVE-2017-11522 476 DoS 2017-07-22 2017-07-26
4.3
None Remote Medium Not required None None Partial
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
43 CVE-2017-11505 399 DoS 2017-07-21 2017-07-25
7.1
None Remote Medium Not required None None Complete
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
44 CVE-2017-11478 399 DoS 2017-07-20 2017-07-25
7.1
None Remote Medium Not required None None Complete
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
45 CVE-2017-11446 399 2017-07-19 2017-11-06
7.1
None Remote Medium Not required None None Complete
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
46 CVE-2017-11360 20 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None None Partial
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
47 CVE-2017-11310 119 Overflow 2017-07-13 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
Total number of vulnerabilities : 47   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.