Total
645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9298 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image. | |||||
| CVE-2016-7906 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. | |||||
| CVE-2017-13133 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. | |||||
| CVE-2017-14533 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | |||||
| CVE-2016-10067 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | |||||
| CVE-2017-11639 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. | |||||
| CVE-2017-11540 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | |||||
| CVE-2017-14174 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
| In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | |||||
| CVE-2016-7514 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. | |||||
| CVE-2017-15277 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | |||||
| CVE-2016-10052 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2014-9839 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | |||||
| CVE-2014-9850 | 4 Canonical, Imagemagick, Opensuse and 1 more | 8 Ubuntu Linux, Imagemagick, Opensuse and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | |||||
| CVE-2017-12565 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-12642 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. | |||||
| CVE-2017-12983 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-11644 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. | |||||
| CVE-2016-3714 | 5 Canonical, Debian, Imagemagick and 2 more | 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more | 2025-04-12 | 10.0 HIGH | 8.4 HIGH |
| The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | |||||
| CVE-2016-8707 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. | |||||
| CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |||||