# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-14981 |
369 |
|
DoS |
2019-08-12 |
2019-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. |
2 |
CVE-2019-14980 |
416 |
|
DoS |
2019-08-12 |
2019-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. |
3 |
CVE-2019-13137 |
399 |
|
|
2019-07-01 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. |
4 |
CVE-2019-13136 |
190 |
|
Overflow |
2019-07-01 |
2019-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. |
5 |
CVE-2019-13135 |
20 |
|
|
2019-07-01 |
2019-08-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. |
6 |
CVE-2019-13134 |
399 |
|
|
2019-07-01 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. |
7 |
CVE-2019-13133 |
399 |
|
|
2019-07-01 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. |
8 |
CVE-2019-10714 |
125 |
|
|
2019-04-02 |
2019-04-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. |
9 |
CVE-2019-10131 |
119 |
|
Overflow |
2019-04-30 |
2019-05-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. |
10 |
CVE-2019-7398 |
399 |
|
|
2019-02-04 |
2019-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. |
11 |
CVE-2019-7397 |
399 |
|
|
2019-02-04 |
2019-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. |
12 |
CVE-2019-7396 |
399 |
|
|
2019-02-04 |
2019-06-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. |
13 |
CVE-2019-7395 |
399 |
|
|
2019-02-04 |
2019-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. |
14 |
CVE-2019-7175 |
399 |
|
|
2019-03-07 |
2019-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. |
15 |
CVE-2018-20467 |
835 |
|
DoS |
2018-12-25 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. |
16 |
CVE-2018-16329 |
476 |
|
|
2018-09-01 |
2018-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. |
17 |
CVE-2018-16328 |
476 |
|
|
2018-09-01 |
2018-10-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. |
18 |
CVE-2018-16323 |
200 |
|
+Info |
2018-09-01 |
2019-06-25 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. |
19 |
CVE-2018-6405 |
772 |
|
DoS |
2018-01-30 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. |
20 |
CVE-2017-17504 |
125 |
|
|
2017-12-10 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. |
21 |
CVE-2017-17499 |
416 |
|
|
2017-12-10 |
2019-04-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. |
22 |
CVE-2015-8903 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. |
23 |
CVE-2015-8902 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. |
24 |
CVE-2015-8901 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. |
25 |
CVE-2015-8900 |
20 |
|
DoS |
2017-02-27 |
2017-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. |
26 |
CVE-2012-1798 |
119 |
|
DoS Overflow |
2012-06-05 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. |
27 |
CVE-2012-1610 |
189 |
|
DoS Overflow |
2012-06-05 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. |
28 |
CVE-2012-1186 |
119 |
|
DoS Overflow |
2012-06-05 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. |
29 |
CVE-2012-1185 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-06-05 |
2017-08-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. |
30 |
CVE-2012-0260 |
399 |
|
DoS |
2012-06-05 |
2017-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. |
31 |
CVE-2012-0259 |
119 |
|
DoS Overflow |
2012-06-05 |
2017-08-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. |
32 |
CVE-2012-0248 |
119 |
|
DoS Overflow |
2012-06-05 |
2012-11-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. |
33 |
CVE-2012-0247 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-06-05 |
2012-11-26 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. |
34 |
CVE-2008-1097 |
399 |
|
DoS Exec Code Overflow Mem. Corr. |
2008-03-05 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. |
35 |
CVE-2008-1096 |
119 |
|
DoS Exec Code Overflow |
2008-03-05 |
2017-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. |