CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick » Imagemagick » 7.0.6-1 : Security Vulnerabilities

Cpe Name:cpe:/a:imagemagick:imagemagick:7.0.6-1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-14981 369 DoS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
2 CVE-2019-14980 416 DoS 2019-08-12 2019-08-16
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
3 CVE-2019-13137 399 2019-07-01 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
4 CVE-2019-13136 190 Overflow 2019-07-01 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
5 CVE-2019-13135 20 2019-07-01 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
6 CVE-2019-13134 399 2019-07-01 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
7 CVE-2019-13133 399 2019-07-01 2019-08-21
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
8 CVE-2019-10714 125 2019-04-02 2019-04-03
4.3
None Remote Medium Not required None None Partial
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
9 CVE-2019-10131 119 Overflow 2019-04-30 2019-05-21
3.6
None Local Low Not required Partial None Partial
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
10 CVE-2019-7398 399 2019-02-04 2019-05-03
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
11 CVE-2019-7397 399 2019-02-04 2019-05-03
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
12 CVE-2019-7396 399 2019-02-04 2019-06-25
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
13 CVE-2019-7395 399 2019-02-04 2019-05-03
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
14 CVE-2019-7175 399 2019-03-07 2019-05-03
5.0
None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
15 CVE-2018-20467 835 DoS 2018-12-25 2019-10-02
4.3
None Remote Medium Not required None None Partial
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
16 CVE-2018-16329 476 2018-09-01 2018-10-25
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
17 CVE-2018-16328 476 2018-09-01 2018-10-25
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
18 CVE-2018-16323 200 +Info 2018-09-01 2019-06-25
4.3
None Remote Medium Not required Partial None None
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
19 CVE-2018-6405 772 DoS 2018-01-30 2019-10-02
4.3
None Remote Medium Not required None None Partial
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
20 CVE-2017-17504 125 2017-12-10 2019-10-02
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
21 CVE-2017-17499 416 2017-12-10 2019-04-16
7.5
None Remote Low Not required Partial Partial Partial
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
22 CVE-2017-15277 200 +Info 2017-10-12 2018-10-18
4.3
None Remote Medium Not required Partial None None
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
23 CVE-2017-14175 834 2017-09-07 2019-10-02
7.1
None Remote Medium Not required None None Complete
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
24 CVE-2017-13658 617 DoS 2017-08-24 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
25 CVE-2017-13141 772 2017-08-23 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
26 CVE-2017-13140 119 DoS Overflow 2017-08-23 2017-11-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
27 CVE-2017-12667 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
28 CVE-2017-12644 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
29 CVE-2017-12643 770 2017-08-07 2019-10-02
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
30 CVE-2017-12642 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
31 CVE-2017-12641 772 2017-08-07 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
32 CVE-2017-12640 125 2017-08-07 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
33 CVE-2017-12587 834 2017-08-06 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
34 CVE-2017-12435 770 DoS 2017-08-04 2019-10-02
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
35 CVE-2017-12434 617 DoS 2017-08-04 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
36 CVE-2017-12433 772 DoS 2017-08-04 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
37 CVE-2017-12432 770 DoS 2017-08-04 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
38 CVE-2017-12431 416 DoS 2017-08-04 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
39 CVE-2017-12430 770 DoS 2017-08-04 2019-10-02
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
40 CVE-2017-12429 770 DoS 2017-08-04 2019-10-02
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
41 CVE-2017-12428 772 DoS 2017-08-04 2019-10-02
5.0
None Remote Low Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
42 CVE-2017-12427 772 DoS 2017-08-04 2019-10-02
4.3
None Remote Medium Not required None None Partial
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
43 CVE-2017-12140 400 2017-08-02 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
44 CVE-2017-11724 772 2017-07-29 2019-10-02
4.3
None Remote Medium Not required None None Partial
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
45 CVE-2017-11644 772 2017-07-26 2019-10-02
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
46 CVE-2017-11640 119 Overflow 2017-07-26 2018-06-13
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
47 CVE-2017-11639 125 2017-07-26 2019-10-02
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
48 CVE-2017-11540 125 2017-07-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
49 CVE-2017-11539 772 2017-07-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
50 CVE-2017-11538 772 2017-07-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
Total number of vulnerabilities : 65   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.