CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-19952 416 2019-12-24 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
2 CVE-2019-19949 125 2019-12-24 2020-09-30
6.4
None Remote Low Not required Partial None Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
3 CVE-2019-19948 787 Overflow 2019-12-24 2020-09-30
7.5
None Remote Low Not required Partial Partial Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
4 CVE-2019-18853 674 DoS 2019-11-11 2021-04-28
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
5 CVE-2019-17547 416 2019-10-14 2019-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
6 CVE-2019-17541 416 2019-10-14 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
7 CVE-2019-17540 787 Overflow 2019-10-14 2021-04-20
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
8 CVE-2019-16713 772 2019-09-23 2020-07-01
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
9 CVE-2019-16712 772 2019-09-23 2019-11-15
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
10 CVE-2019-16711 772 2019-09-23 2020-07-01
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
11 CVE-2019-16710 772 2019-09-23 2020-07-01
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
12 CVE-2019-16709 772 2019-09-23 2019-10-16
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
13 CVE-2019-16708 772 2019-09-23 2020-07-01
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
14 CVE-2019-15141 125 2019-08-18 2019-11-15
4.3
None Remote Medium Not required None None Partial
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
15 CVE-2019-15140 416 DoS 2019-08-18 2020-07-03
6.8
None Remote Medium Not required Partial Partial Partial
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
16 CVE-2019-15139 125 2019-08-18 2020-09-08
4.3
None Remote Medium Not required None None Partial
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
17 CVE-2019-14981 369 DoS 2019-08-12 2020-08-19
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
18 CVE-2019-14980 416 DoS 2019-08-12 2019-11-15
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
19 CVE-2019-13454 369 2019-07-09 2020-08-19
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
20 CVE-2019-13391 125 2019-07-07 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
21 CVE-2019-13311 401 2019-07-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
22 CVE-2019-13310 401 2019-07-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
23 CVE-2019-13309 401 2019-07-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
24 CVE-2019-13308 787 Overflow 2019-07-05 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
25 CVE-2019-13307 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
26 CVE-2019-13306 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
27 CVE-2019-13305 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
28 CVE-2019-13304 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
29 CVE-2019-13303 125 2019-07-05 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
30 CVE-2019-13302 125 2019-07-05 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
31 CVE-2019-13301 401 2019-07-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
32 CVE-2019-13300 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
33 CVE-2019-13299 125 2019-07-05 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
34 CVE-2019-13298 787 Overflow 2019-07-05 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
35 CVE-2019-13297 125 2019-07-05 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
36 CVE-2019-13296 401 2019-07-05 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
37 CVE-2019-13295 125 2019-07-05 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
38 CVE-2019-13137 401 2019-07-01 2021-04-28
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
39 CVE-2019-13136 190 Overflow 2019-07-01 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
40 CVE-2019-13135 908 2019-07-01 2021-04-28
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
41 CVE-2019-13134 401 2019-07-01 2021-06-02
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
42 CVE-2019-13133 401 2019-07-01 2021-06-02
4.3
None Remote Medium Not required None None Partial
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
43 CVE-2019-12979 665 2019-06-26 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
44 CVE-2019-12978 665 2019-06-26 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
45 CVE-2019-12977 665 2019-06-26 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
46 CVE-2019-12976 401 2019-06-26 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
47 CVE-2019-12975 401 2019-06-26 2020-08-24
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
48 CVE-2019-12974 476 DoS 2019-06-26 2020-08-19
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
49 CVE-2019-11598 125 DoS 2019-04-29 2020-09-08
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
50 CVE-2019-11597 125 DoS 2019-04-29 2020-08-19
5.8
None Remote Medium Not required Partial None Partial
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
Total number of vulnerabilities : 65   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.