CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities Published In 2017 (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-17914 834 DoS 2017-12-27 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
2 CVE-2017-17887 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
3 CVE-2017-17886 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
4 CVE-2017-17885 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
5 CVE-2017-17884 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
6 CVE-2017-17883 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
7 CVE-2017-17882 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
8 CVE-2017-17881 772 DoS 2017-12-27 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
9 CVE-2017-17682 400 DoS 2017-12-14 2019-05-14
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
10 CVE-2017-17681 835 DoS 2017-12-14 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
11 CVE-2017-17680 772 DoS 2017-12-14 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
12 CVE-2017-16546 119 DoS Overflow 2017-11-05 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
13 CVE-2017-15281 119 DoS Overflow 2017-10-12 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
14 CVE-2017-14741 835 DoS 2017-09-25 2019-10-02
4.3
None Remote Medium Not required None None Partial
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
15 CVE-2017-14739 476 DoS 2017-09-25 2019-05-14
5.0
None Remote Low Not required None None Partial
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
16 CVE-2017-14684 772 DoS 2017-09-21 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
17 CVE-2017-14682 119 DoS Overflow 2017-09-21 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
18 CVE-2017-14528 416 DoS 2017-09-17 2017-09-20
4.3
None Remote Medium Not required None None Partial
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
19 CVE-2017-14505 476 DoS 2017-09-17 2019-05-14
4.3
None Remote Medium Not required None None Partial
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
20 CVE-2017-14400 476 DoS 2017-09-12 2019-05-14
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
21 CVE-2017-14326 772 DoS 2017-09-12 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
22 CVE-2017-14325 772 DoS 2017-09-12 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
23 CVE-2017-14324 772 DoS 2017-09-12 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
24 CVE-2017-14249 369 DoS 2017-09-11 2019-05-14
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
25 CVE-2017-14248 125 DoS 2017-09-11 2019-10-02
4.3
None Remote Medium Not required None None Partial
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
26 CVE-2017-14224 119 DoS Exec Code Overflow 2017-09-08 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
27 CVE-2017-14060 476 DoS 2017-08-31 2019-05-14
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
28 CVE-2017-13769 125 DoS 2017-08-30 2019-10-02
4.3
None Remote Medium Not required None None Partial
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
29 CVE-2017-13768 476 DoS 2017-08-30 2019-05-14
4.3
None Remote Medium Not required None None Partial
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
30 CVE-2017-13658 617 DoS 2017-08-24 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
31 CVE-2017-13140 119 DoS Overflow 2017-08-23 2017-11-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
32 CVE-2017-13134 125 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
33 CVE-2017-13133 770 DoS 2017-08-22 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
34 CVE-2017-13132 617 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
35 CVE-2017-13131 772 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.
36 CVE-2017-13062 772 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.
37 CVE-2017-13061 20 DoS 2017-08-22 2018-06-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.
38 CVE-2017-13060 772 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
39 CVE-2017-13059 772 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.
40 CVE-2017-13058 772 DoS 2017-08-22 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
41 CVE-2017-12983 119 DoS Overflow 2017-08-21 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
42 CVE-2017-12877 416 DoS 2017-08-28 2018-06-13
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
43 CVE-2017-12876 119 DoS Overflow 2017-08-28 2017-11-12
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
44 CVE-2017-12875 770 DoS 2017-08-29 2019-10-02
7.1
None Remote Medium Not required None None Complete
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
45 CVE-2017-12693 770 DoS 2017-09-01 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
46 CVE-2017-12692 770 DoS 2017-09-01 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
47 CVE-2017-12691 770 DoS 2017-09-01 2019-10-02
7.1
None Remote Medium Not required None None Complete
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
48 CVE-2017-12676 20 DoS 2017-08-07 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
49 CVE-2017-12675 772 DoS 2017-08-07 2019-10-02
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
50 CVE-2017-12674 834 DoS 2017-08-07 2019-10-02
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
Total number of vulnerabilities : 229   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.