Imagemagick » Imagemagick : Security Vulnerabilities, CVEs, Published In 2019 (Denial of service)
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
Max CVSS
6.5
EPSS Score
0.18%
Published
2019-11-11
Updated
2021-04-28
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
Max CVSS
6.5
EPSS Score
0.13%
Published
2019-08-18
Updated
2023-03-03
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
Max CVSS
8.8
EPSS Score
2.69%
Published
2019-08-18
Updated
2020-07-03
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
Max CVSS
6.5
EPSS Score
0.72%
Published
2019-08-18
Updated
2020-09-08
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
Max CVSS
6.5
EPSS Score
1.23%
Published
2019-08-12
Updated
2020-08-19
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
Max CVSS
6.5
EPSS Score
0.42%
Published
2019-08-12
Updated
2023-03-02
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
Max CVSS
5.5
EPSS Score
0.21%
Published
2019-06-26
Updated
2020-08-19
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
Max CVSS
8.1
EPSS Score
2.33%
Published
2019-04-29
Updated
2020-09-08
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
4.94%
Published
2019-04-29
Updated
2020-08-19
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
Max CVSS
6.5
EPSS Score
1.45%
Published
2019-04-23
Updated
2020-08-19
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
Max CVSS
7.1
EPSS Score
1.47%
Published
2019-04-23
Updated
2020-08-19
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
Max CVSS
8.1
EPSS Score
1.20%
Published
2019-03-30
Updated
2019-05-14
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
Max CVSS
5.5
EPSS Score
0.14%
Published
2019-03-30
Updated
2023-02-23
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
Max CVSS
8.8
EPSS Score
0.99%
Published
2019-03-24
Updated
2020-08-24
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
Max CVSS
7.5
EPSS Score
0.94%
Published
2019-05-09
Updated
2020-09-08
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
Max CVSS
7.5
EPSS Score
0.94%
Published
2019-05-09
Updated
2020-08-19
imagemagick 6.8.9.6 has remote DOS via infinite loop
Max CVSS
6.5
EPSS Score
0.43%
Published
2019-12-15
Updated
2019-12-19
17 vulnerabilities found