CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick » Imagemagick » 6.2.8.1 : Security Vulnerabilities

Cpe Name:cpe:/a:imagemagick:imagemagick:6.2.8.1
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-14981 369 DoS 2019-08-12 2019-08-16
4.3
 None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
2 CVE-2019-14980 416 DoS 2019-08-12 2019-08-16
4.3
 None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
3 CVE-2019-13137 399 2019-07-01 2019-08-21
4.3
 None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
4 CVE-2019-13136 190 Overflow 2019-07-01 2019-08-21
6.8
 None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
5 CVE-2019-13135 20 2019-07-01 2019-08-16
6.8
 None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
6 CVE-2019-13134 399 2019-07-01 2019-08-21
4.3
 None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
7 CVE-2019-13133 399 2019-07-01 2019-08-21
4.3
 None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
8 CVE-2019-10714 125 2019-04-02 2019-04-03
4.3
 None Remote Medium Not required None None Partial
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
9 CVE-2019-10131 119 Overflow 2019-04-30 2019-05-21
3.6
 None Local Low Not required Partial None Partial
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
10 CVE-2019-7398 399 2019-02-04 2019-05-03
5.0
 None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
11 CVE-2019-7397 399 2019-02-04 2019-05-03
5.0
 None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
12 CVE-2019-7396 399 2019-02-04 2019-06-25
5.0
 None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
13 CVE-2019-7395 399 2019-02-04 2019-05-03
5.0
 None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
14 CVE-2019-7175 399 2019-03-07 2019-05-03
5.0
 None Remote Low Not required None None Partial
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
15 CVE-2018-20467 835 DoS 2018-12-25 2019-10-02
4.3
 None Remote Medium Not required None None Partial
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
16 CVE-2018-16329 476 2018-09-01 2018-10-25
7.5
 None Remote Low Not required Partial Partial Partial
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
17 CVE-2018-16328 476 2018-09-01 2018-10-25
7.5
 None Remote Low Not required Partial Partial Partial
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
18 CVE-2018-16323 200 +Info 2018-09-01 2019-06-25
4.3
 None Remote Medium Not required Partial None None
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
19 CVE-2018-6405 772 DoS 2018-01-30 2019-10-02
4.3
 None Remote Medium Not required None None Partial
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
20 CVE-2017-17504 125 2017-12-10 2019-10-02
4.3
 None Remote Medium Not required None None Partial
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
21 CVE-2017-17499 416 2017-12-10 2019-04-16
7.5
 None Remote Low Not required Partial Partial Partial
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
22 CVE-2015-8903 20 DoS 2017-02-27 2017-02-28
4.3
 None Remote Medium Not required None None Partial
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
23 CVE-2015-8902 20 DoS 2017-02-27 2017-02-28
4.3
 None Remote Medium Not required None None Partial
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
24 CVE-2015-8901 20 DoS 2017-02-27 2017-02-28
4.3
 None Remote Medium Not required None None Partial
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
25 CVE-2015-8900 20 DoS 2017-02-27 2017-02-28
4.3
 None Remote Medium Not required None None Partial
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
26 CVE-2012-1798 119 DoS Overflow 2012-06-05 2017-08-28
4.3
 None Remote Medium Not required None None Partial
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
27 CVE-2012-1610 189 DoS Overflow 2012-06-05 2017-08-28
4.3
 None Remote Medium Not required None None Partial
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.
28 CVE-2012-1186 119 DoS Overflow 2012-06-05 2017-08-28
4.3
 None Remote Medium Not required None None Partial
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
29 CVE-2012-1185 189 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2017-08-28
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
30 CVE-2012-0260 399 DoS 2012-06-05 2017-08-28
5.0
 None Remote Low Not required None None Partial
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
31 CVE-2012-0259 119 DoS Overflow 2012-06-05 2017-08-28
4.3
 None Remote Medium Not required None None Partial
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
32 CVE-2012-0248 119 DoS Overflow 2012-06-05 2012-11-26
4.3
 None Remote Medium Not required None None Partial
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
33 CVE-2012-0247 119 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2012-11-26
9.3
 None Remote Medium Not required Complete Complete Complete
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
34 CVE-2008-1097 399 DoS Exec Code Overflow Mem. Corr. 2008-03-05 2017-09-28
6.8
 User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
35 CVE-2008-1096 119 DoS Exec Code Overflow 2008-03-05 2017-09-28
6.8
 None Remote Medium Not required Partial Partial Partial
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
Total number of vulnerabilities : 35   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.