The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | libmagick_library | 5.5 |
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.3 |
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| mandrakesoft | mandrake_linux | 9.2 |
| redhat | enterprise_linux | 3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux_server | 8.0 |
| enlightenment | imlib | 1.9.13 |
| turbolinux | turbolinux_server | 7.0 |
| enlightenment | imlib2 | 1.0.5 |
| redhat | fedora_core | core_3.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.4 |
| enlightenment | imlib | 1.9.5 |
| imagemagick | imagemagick | 5.4.7 |
| redhat | enterprise_linux_desktop | 3.0 |
| sun | java_desktop_system | 2.0 |
| enlightenment | imlib | 1.9.14 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.4.3 |
| enlightenment | imlib | 1.9.9 |
| enlightenment | imlib | 1.9 |
| imagemagick | imagemagick | 5.4.4.5 |
| sun | java_desktop_system | 2003 |
| enlightenment | imlib2 | 1.0.1 |
| enlightenment | imlib | 1.9.12 |
| enlightenment | imlib | 1.9.6 |
| turbolinux | turbolinux_workstation | 8.0 |
| enlightenment | imlib2 | 1.0.4 |
| mandrakesoft | mandrake_linux | 10.0 |
| enlightenment | imlib2 | 1.0 |
| enlightenment | imlib | 1.9.2 |
| suse | suse_linux | 8.2 |
| ubuntu | ubuntu_linux | 4.1 |
| turbolinux | turbolinux_workstation | 7.0 |
| enlightenment | imlib | 1.9.3 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| imagemagick | imagemagick | 5.5.7 |
| redhat | linux_advanced_workstation | 2.1 |
| enlightenment | imlib | 1.9.8 |
| redhat | fedora_core | core_1.0 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.11 |
| conectiva | linux | 10.0 |
| enlightenment | imlib | 1.9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| enlightenment | imlib2 | 1.1 |
| suse | suse_linux | 9.2 |
| redhat | fedora_core | core_2.0 |
| enlightenment | imlib2 | 1.0.2 |
| conectiva | linux | 9.0 |
| enlightenment | imlib2 | 1.0.3 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 6.0.2 |
| enlightenment | imlib2 | 1.1.1 |
| enlightenment | imlib | 1.9.7 |
| enlightenment | imlib | 1.9.10 |
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| mandrakesoft | mandrake_linux | 9.2 |
| redhat | enterprise_linux | 3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux_server | 8.0 |
| enlightenment | imlib | 1.9.13 |
| turbolinux | turbolinux_server | 7.0 |
| enlightenment | imlib2 | 1.0.5 |
| redhat | fedora_core | core_3.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.4 |
| enlightenment | imlib | 1.9.5 |
| imagemagick | imagemagick | 5.4.7 |
| redhat | enterprise_linux_desktop | 3.0 |
| sun | java_desktop_system | 2.0 |
| enlightenment | imlib | 1.9.14 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.4.3 |
| enlightenment | imlib | 1.9.9 |
| enlightenment | imlib | 1.9 |
| imagemagick | imagemagick | 5.4.4.5 |
| sun | java_desktop_system | 2003 |
| enlightenment | imlib2 | 1.0.1 |
| enlightenment | imlib | 1.9.12 |
| enlightenment | imlib | 1.9.6 |
| turbolinux | turbolinux_workstation | 8.0 |
| enlightenment | imlib2 | 1.0.4 |
| mandrakesoft | mandrake_linux | 10.0 |
| enlightenment | imlib2 | 1.0 |
| enlightenment | imlib | 1.9.2 |
| suse | suse_linux | 8.2 |
| ubuntu | ubuntu_linux | 4.1 |
| turbolinux | turbolinux_workstation | 7.0 |
| enlightenment | imlib | 1.9.3 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| imagemagick | imagemagick | 5.5.7 |
| redhat | linux_advanced_workstation | 2.1 |
| enlightenment | imlib | 1.9.8 |
| redhat | fedora_core | core_1.0 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.11 |
| conectiva | linux | 10.0 |
| enlightenment | imlib | 1.9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| enlightenment | imlib2 | 1.1 |
| suse | suse_linux | 9.2 |
| redhat | fedora_core | core_2.0 |
| enlightenment | imlib2 | 1.0.2 |
| conectiva | linux | 9.0 |
| enlightenment | imlib2 | 1.0.3 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 6.0.2 |
| enlightenment | imlib2 | 1.1.1 |
| enlightenment | imlib | 1.9.7 |
| enlightenment | imlib | 1.9.10 |
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| mandrakesoft | mandrake_linux | 9.2 |
| redhat | enterprise_linux | 3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| enlightenment | imlib | 1.9.13 |
| enlightenment | imlib2 | 1.0.5 |
| redhat | fedora_core | core_3.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.4 |
| enlightenment | imlib | 1.9.5 |
| imagemagick | imagemagick | 5.4.7 |
| redhat | enterprise_linux_desktop | 3.0 |
| sun | java_desktop_system | 2.0 |
| enlightenment | imlib | 1.9.14 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.4.3 |
| turbolinux | turbolinux | server_8.0 |
| enlightenment | imlib | 1.9.9 |
| enlightenment | imlib | 1.9 |
| turbolinux | turbolinux | server_7.0 |
| imagemagick | imagemagick | 5.4.4.5 |
| sun | java_desktop_system | 2003 |
| enlightenment | imlib2 | 1.0.1 |
| turbolinux | turbolinux | workstation_7.0 |
| enlightenment | imlib | 1.9.12 |
| enlightenment | imlib | 1.9.6 |
| enlightenment | imlib2 | 1.0.4 |
| mandrakesoft | mandrake_linux | 10.0 |
| enlightenment | imlib2 | 1.0 |
| enlightenment | imlib | 1.9.2 |
| suse | suse_linux | 8.2 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.3 |
| redhat | enterprise_linux | 2.1 |
| suse | suse_linux | 8.1 |
| imagemagick | imagemagick | 5.5.7 |
| redhat | linux_advanced_workstation | 2.1 |
| enlightenment | imlib | 1.9.8 |
| redhat | fedora_core | core_1.0 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 8.0 |
| turbolinux | turbolinux | desktop_10.0 |
| enlightenment | imlib | 1.9.11 |
| conectiva | linux | 10.0 |
| enlightenment | imlib | 1.9.1 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| enlightenment | imlib2 | 1.1 |
| suse | suse_linux | 9.2 |
| turbolinux | turbolinux | workstation_8.0 |
| redhat | fedora_core | core_2.0 |
| enlightenment | imlib2 | 1.0.2 |
| conectiva | linux | 9.0 |
| enlightenment | imlib2 | 1.0.3 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 6.0.2 |
| enlightenment | imlib2 | 1.1.1 |
| enlightenment | imlib | 1.9.7 |
| enlightenment | imlib | 1.9.10 |
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| debian | debian_linux | 3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 6.0.1 |
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 6.0 |
| gentoo | linux | * |
| imagemagick | imagemagick | 6.0.6 |
| imagemagick | imagemagick | 6.0.4 |
| suse | suse_linux | 9.1 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 6.0.3 |
| suse | suse_linux | 8.1 |
| imagemagick | imagemagick | 6.0.7 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 8.0 |
| imagemagick | imagemagick | 6.0.5 |
| imagemagick | imagemagick | 5.4.4.5 |
| suse | suse_linux | 9.2 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 6.0.8 |
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.2 |
| debian | debian_linux | 3.0 |
| imagemagick | imagemagick | 6.0.2.5 |
| imagemagick | imagemagick | 6.0.1 |
| suse | suse_linux | 8.2 |
| imagemagick | imagemagick | 6.0 |
| gentoo | linux | 1.2 |
| imagemagick | imagemagick | 6.0.6 |
| graphicsmagick | graphicsmagick | 1.1.3 |
| imagemagick | imagemagick | 6.0.4 |
| sgi | propack | 3.0 |
| graphicsmagick | graphicsmagick | 1.1.4 |
| suse | suse_linux | 9.1 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 6.0.3 |
| imagemagick | imagemagick | 6.1.5 |
| gentoo | linux | 1.4 |
| imagemagick | imagemagick | 6.1 |
| imagemagick | imagemagick | 6.2.0.7 |
| suse | suse_linux | 8.1 |
| imagemagick | imagemagick | 6.1.2 |
| imagemagick | imagemagick | 6.1.6 |
| imagemagick | imagemagick | 6.1.7 |
| graphicsmagick | graphicsmagick | 1.0.6 |
| imagemagick | imagemagick | 6.0.7 |
| suse | suse_linux | 9.0 |
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 6.1.3 |
| graphicsmagick | graphicsmagick | 1.1 |
| gentoo | linux | 0.7 |
| imagemagick | imagemagick | 5.3.3 |
| suse | suse_linux | 8.0 |
| imagemagick | imagemagick | 6.0.5 |
| graphicsmagick | graphicsmagick | 1.0 |
| gentoo | linux | 0.5 |
| imagemagick | imagemagick | 6.1.4 |
| suse | suse_linux | 9.2 |
| imagemagick | imagemagick | 6.1.1.6 |
| imagemagick | imagemagick | 6.0.2 |
| imagemagick | imagemagick | 6.0.8 |
| imagemagick | imagemagick | 6.2.0.4 |
| gentoo | linux | 1.1a |
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.3 |
| imagemagick | imagemagick | 5.5 |
| imagemagick | imagemagick | 5.2 |
| imagemagick | imagemagick | 5.4 |
ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 5.3.3 |
| imagemagick | imagemagick | 5.5.4 |
| imagemagick | imagemagick | 5.5.6 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.3.8 |
| sgi | propack | 3.0 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 5.3.3 |
| imagemagick | imagemagick | 5.5.4 |
| imagemagick | imagemagick | 5.5.6 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.3.8 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| imagemagick | imagemagick | 6.0.2.5 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 6.0.1 |
| imagemagick | imagemagick | 6.0 |
| imagemagick | imagemagick | 6.0.6 |
| imagemagick | imagemagick | 6.0.4 |
| sgi | propack | 3.0 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 6.0.3 |
| imagemagick | imagemagick | 6.1.5 |
| imagemagick | imagemagick | 6.1 |
| imagemagick | imagemagick | 6.1.2 |
| imagemagick | imagemagick | 6.1.6 |
| imagemagick | imagemagick | 6.1.7 |
| imagemagick | imagemagick | 6.0.7 |
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 6.1.3 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.3.3 |
| imagemagick | imagemagick | 5.5.4 |
| imagemagick | imagemagick | 5.5.6 |
| imagemagick | imagemagick | 6.0.5 |
| imagemagick | imagemagick | 6.1.4 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.3.8 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 6.1.1.6 |
| imagemagick | imagemagick | 6.0.2 |
| imagemagick | imagemagick | 6.0.8 |
Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 6.0.1 |
| imagemagick | imagemagick | 5.3.3 |
| imagemagick | imagemagick | 6.0 |
| imagemagick | imagemagick | 5.5.4 |
| imagemagick | imagemagick | 5.5.6 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.3.8 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.2 |
| imagemagick | imagemagick | 6.1.8 |
| imagemagick | imagemagick | 6.0.2.5 |
| imagemagick | imagemagick | 6.0.1 |
| imagemagick | imagemagick | 6.0 |
| graphicsmagick | graphicsmagick | 1.1.5 |
| imagemagick | imagemagick | 6.0.6 |
| graphicsmagick | graphicsmagick | 1.1.3 |
| imagemagick | imagemagick | 6.0.4 |
| graphicsmagick | graphicsmagick | 1.1.4 |
| imagemagick | imagemagick | 6.0.3 |
| imagemagick | imagemagick | 6.1.5 |
| imagemagick | imagemagick | 6.1 |
| imagemagick | imagemagick | 6.2.0.7 |
| imagemagick | imagemagick | 6.1.2 |
| imagemagick | imagemagick | 6.1.6 |
| imagemagick | imagemagick | 6.1.7 |
| graphicsmagick | graphicsmagick | 1.0.6 |
| imagemagick | imagemagick | 6.0.7 |
| imagemagick | imagemagick | 6.1.3 |
| graphicsmagick | graphicsmagick | 1.1 |
| imagemagick | imagemagick | 6.0.5 |
| graphicsmagick | graphicsmagick | 1.0 |
| imagemagick | imagemagick | 6.2.1 |
| imagemagick | imagemagick | 6.1.4 |
| imagemagick | imagemagick | 6.1.1.6 |
| imagemagick | imagemagick | 6.0.2 |
| imagemagick | imagemagick | 6.0.8 |
| imagemagick | imagemagick | 6.2.0.4 |
The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.2 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| imagemagick | imagemagick | 6.1.8 |
| imagemagick | imagemagick | 6.0.2.5 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| imagemagick | imagemagick | 6.0.1 |
| imagemagick | imagemagick | 6.2.2 |
| imagemagick | imagemagick | 6.0 |
| graphicsmagick | graphicsmagick | 1.1.5 |
| imagemagick | imagemagick | 6.0.6 |
| graphicsmagick | graphicsmagick | 1.1.3 |
| imagemagick | imagemagick | 6.0.4 |
| graphicsmagick | graphicsmagick | 1.1.4 |
| imagemagick | imagemagick | 5.4.7 |
| imagemagick | imagemagick | 6.0.3 |
| imagemagick | imagemagick | 6.1.5 |
| graphicsmagick | graphicsmagick | 1.1.6 |
| imagemagick | imagemagick | 6.1 |
| imagemagick | imagemagick | 6.2.0.7 |
| imagemagick | imagemagick | 6.1.2 |
| imagemagick | imagemagick | 6.1.6 |
| imagemagick | imagemagick | 6.1.7 |
| graphicsmagick | graphicsmagick | 1.0.6 |
| imagemagick | imagemagick | 6.0.7 |
| imagemagick | imagemagick | 5.4.3 |
| imagemagick | imagemagick | 6.1.3 |
| imagemagick | imagemagick | 5.5.7 |
| graphicsmagick | graphicsmagick | 1.1 |
| imagemagick | imagemagick | 5.3.3 |
| imagemagick | imagemagick | 5.5.4 |
| imagemagick | imagemagick | 5.5.6 |
| imagemagick | imagemagick | 6.0.5 |
| graphicsmagick | graphicsmagick | 1.0 |
| imagemagick | imagemagick | 6.2.1 |
| imagemagick | imagemagick | 6.1.4 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.3.8 |
| imagemagick | imagemagick | 5.4.8 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| imagemagick | imagemagick | 6.1.1.6 |
| imagemagick | imagemagick | 6.0.2 |
| imagemagick | imagemagick | 6.0.8 |
| imagemagick | imagemagick | 6.2.0.4 |
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.0.4.4 |
| imagemagick | imagemagick | 6.1.5.8 |
| imagemagick | imagemagick | 5.3.8.2 |
| imagemagick | imagemagick | 6.0.8.3 |
| imagemagick | imagemagick | 5.3.9 |
| imagemagick | imagemagick | 5.4.8.3 |
| imagemagick | imagemagick | 5.4.6.3 |
| imagemagick | imagemagick | 5.5.2.5 |
| imagemagick | imagemagick | 4.2.9 |
| imagemagick | imagemagick | 5.3.7 |
| imagemagick | imagemagick | 5.4.0.5 |
| imagemagick | imagemagick | 5.4.9.1 |
| imagemagick | imagemagick | 5.5.7q8 |
| imagemagick | imagemagick | 6.2.3.6 |
| imagemagick | imagemagick | 4.2.7 |
| imagemagick | imagemagick | 5.3.4 |
| imagemagick | imagemagick | 5.3.1 |
| imagemagick | imagemagick | 6.1.7.5 |
| imagemagick | imagemagick | 6.1.3.7 |
| imagemagick | imagemagick | 5.4.4.5 |
| imagemagick | imagemagick | 5.5.7.31 |
| imagemagick | imagemagick | 6.0.6.2 |
| imagemagick | imagemagick | 5.4.3.11 |
| imagemagick | imagemagick | 6.1.1.6 |
| imagemagick | imagemagick | 6.1.4.5 |
| imagemagick | imagemagick | 5.4.7.4 |
| imagemagick | imagemagick | 5.3.6 |
| imagemagick | imagemagick | 5.4.5.1 |
| imagemagick | imagemagick | 5.3.0 |
| imagemagick | imagemagick | 6.2.0.8 |
| imagemagick | imagemagick | 5.5.5.3 |
| imagemagick | imagemagick | 5.5.7q16 |
| imagemagick | imagemagick | 5.5.4.4 |
| imagemagick | imagemagick | 6.2.2.5 |
| imagemagick | imagemagick | 6.0 |
| imagemagick | imagemagick | 5.3.2 |
| imagemagick | imagemagick | 5.4.2.3 |
| imagemagick | imagemagick | 6.0.7.3 |
| imagemagick | imagemagick | 6.2.1.7 |
| imagemagick | imagemagick | 5.5.3.2 |
| imagemagick | imagemagick | 5.4.1.2 |
| imagemagick | imagemagick | 6.1.9.4 |
| imagemagick | imagemagick | 5.3.5 |
| imagemagick | imagemagick | 6.0.0.7 |
| imagemagick | imagemagick | 5.3.3 |
| imagemagick | imagemagick | 6.1.2.7 |
| imagemagick | imagemagick | 5.5.7.35 |
| imagemagick | imagemagick | 6.0.1.4 |
| imagemagick | imagemagick | 6.0.2.7 |
| imagemagick | imagemagick | 6.1.0.9 |
| imagemagick | imagemagick | 5.5.6 |
| imagemagick | imagemagick | 5.2.0 |
| imagemagick | imagemagick | 6.1.8.7 |
| imagemagick | imagemagick | 6.0.5.3 |
| imagemagick | imagemagick | 5.2.6 |
| imagemagick | imagemagick | 5.5.1.4 |
| imagemagick | imagemagick | 6.1.6.9 |
| imagemagick | imagemagick | 6.0.3.5 |
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.2.4.5 |
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.2.3 |
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.0.6.2 |
| imagemagick | imagemagick | 6.2.4 |
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 6.06 |
| canonical | ubuntu_linux | 7.04 |
| canonical | ubuntu_linux | 6.10 |
| imagemagick | imagemagick | * |
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.4.8 |
| imagemagick | imagemagick | 6.6.4 |
| imagemagick | imagemagick | 6.3.2-2 |
| imagemagick | imagemagick | 6.4.6-8 |
| imagemagick | imagemagick | 6.4.6-9 |
| imagemagick | imagemagick | 6.3.2-4 |
| imagemagick | imagemagick | 6.4.6-5 |
| imagemagick | imagemagick | 6.5.9-10 |
| imagemagick | imagemagick | 6.4.9-10 |
| imagemagick | imagemagick | 6.5.5-6 |
| imagemagick | imagemagick | 6.5.0-10 |
| imagemagick | imagemagick | 6.5.3-7 |
| imagemagick | imagemagick | 6.6.3-10 |
| imagemagick | imagemagick | 6.4.6-6 |
| imagemagick | imagemagick | 6.5.8-8 |
| imagemagick | imagemagick | 6.6.0 |
| imagemagick | imagemagick | 6.6.1-1 |
| imagemagick | imagemagick | 6.5.0-7 |
| imagemagick | imagemagick | 6.5.2-9 |
| imagemagick | imagemagick | 6.5.3-8 |
| imagemagick | imagemagick | 6.5.4 |
| imagemagick | imagemagick | 6.3.7-2 |
| imagemagick | imagemagick | 6.3.2-7 |
| imagemagick | imagemagick | 6.5.0 |
| imagemagick | imagemagick | 6.5.7-3 |
| imagemagick | imagemagick | 6.3.1-7 |
| imagemagick | imagemagick | 6.3.2-8 |
| imagemagick | imagemagick | 6.5.0-9 |
| imagemagick | imagemagick | 6.6.5-3 |
| imagemagick | imagemagick | 6.4.1-1 |
| imagemagick | imagemagick | 6.5.6-10 |
| imagemagick | imagemagick | 6.5.8-3 |
| imagemagick | imagemagick | 6.5.2-8 |
| imagemagick | imagemagick | 6.5.7-2 |
| imagemagick | imagemagick | 6.6.3-7 |
| imagemagick | imagemagick | 6.4.0-7 |
| imagemagick | imagemagick | 6.5.1 |
| imagemagick | imagemagick | 6.4.2-4 |
| imagemagick | imagemagick | 6.4.0 |
| imagemagick | imagemagick | 6.3.9-8 |
| imagemagick | imagemagick | 6.5.1-6 |
| imagemagick | imagemagick | 6.4.9-8 |
| imagemagick | imagemagick | 6.5.9-6 |
| imagemagick | imagemagick | 6.4.1-8 |
| imagemagick | imagemagick | 6.4.3 |
| imagemagick | imagemagick | 6.5.9-3 |
| imagemagick | imagemagick | 6.3.3 |
| imagemagick | imagemagick | 6.6.1-3 |
| imagemagick | imagemagick | 6.4.8-9 |
| imagemagick | imagemagick | 6.4.4-8 |
| imagemagick | imagemagick | 6.6.1-8 |
| imagemagick | imagemagick | 6.5.1-3 |
| imagemagick | imagemagick | 6.6.0-7 |
| imagemagick | imagemagick | 6.4.0-8 |
| imagemagick | imagemagick | 6.4.5 |
| imagemagick | imagemagick | 6.5.1-4 |
| imagemagick | imagemagick | 6.6.0-9 |
| imagemagick | imagemagick | 6.4.1-5 |
| imagemagick | imagemagick | 6.6.2 |
| imagemagick | imagemagick | 6.3.9-2 |
| imagemagick | imagemagick | 6.5.6 |
| imagemagick | imagemagick | 6.3.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 6.4.5-3 |
| imagemagick | imagemagick | 6.5.6-9 |
| imagemagick | imagemagick | 6.5.1-1 |
| imagemagick | imagemagick | 6.4.1-3 |
| imagemagick | imagemagick | 6.4.3-1 |
| imagemagick | imagemagick | 6.4.9 |
| imagemagick | imagemagick | 6.5.1-9 |
| imagemagick | imagemagick | 6.4.2-7 |
| imagemagick | imagemagick | 6.4.0-10 |
| imagemagick | imagemagick | 6.4.7-5 |
| imagemagick | imagemagick | 6.6.0-5 |
| imagemagick | imagemagick | 6.5.7-9 |
| imagemagick | imagemagick | 6.3.2-6 |
| imagemagick | imagemagick | 6.4.1-7 |
| imagemagick | imagemagick | 6.5.5-9 |
| imagemagick | imagemagick | 6.4.2 |
| imagemagick | imagemagick | 6.5.8-4 |
| imagemagick | imagemagick | 6.5.9-1 |
| imagemagick | imagemagick | 6.4.4 |
| imagemagick | imagemagick | 6.4.9-3 |
| imagemagick | imagemagick | 6.4.0-1 |
| imagemagick | imagemagick | 6.4.4-5 |
| imagemagick | imagemagick | 6.5.8-2 |
| imagemagick | imagemagick | 6.5.2-6 |
| imagemagick | imagemagick | 6.6.4-1 |
| imagemagick | imagemagick | 6.3.5-9 |
| imagemagick | imagemagick | 6.4.2-6 |
| imagemagick | imagemagick | 6.3.5-7 |
| imagemagick | imagemagick | 6.6.4-4 |
| imagemagick | imagemagick | 6.5.4-8 |
| imagemagick | imagemagick | 6.4.3-6 |
| imagemagick | imagemagick | 6.5.2-3 |
| imagemagick | imagemagick | 6.6.0-2 |
| imagemagick | imagemagick | 6.4.8-8 |
| imagemagick | imagemagick | 6.5.7-1 |
| imagemagick | imagemagick | 6.5.6-6 |
| imagemagick | imagemagick | 6.4.8-5 |
| imagemagick | imagemagick | 6.4.2-8 |
| imagemagick | imagemagick | 6.5.4-9 |
| imagemagick | imagemagick | 6.4.4-1 |
| imagemagick | imagemagick | 6.3.9-5 |
| imagemagick | imagemagick | 6.6.1-10 |
| imagemagick | imagemagick | 6.3.4-9 |
| imagemagick | imagemagick | 6.5.9-4 |
| imagemagick | imagemagick | 6.3.2-5 |
| imagemagick | imagemagick | 6.3.3-6 |
| imagemagick | imagemagick | 6.5.9-7 |
| imagemagick | imagemagick | 6.3.7-5 |
| imagemagick | imagemagick | 6.5.9 |
| imagemagick | imagemagick | 6.5.7-5 |
| imagemagick | imagemagick | 6.3.2-3 |
| imagemagick | imagemagick | 6.6.5-2 |
| imagemagick | imagemagick | 6.5.8-7 |
| imagemagick | imagemagick | 6.6.3 |
| imagemagick | imagemagick | 6.5.9-5 |
| imagemagick | imagemagick | 6.5.0-2 |
| imagemagick | imagemagick | 6.5.4-5 |
| imagemagick | imagemagick | 6.4.1 |
| imagemagick | imagemagick | 6.6.0-8 |
| imagemagick | imagemagick | 6.5.0-4 |
| imagemagick | imagemagick | 6.5.8 |
| imagemagick | imagemagick | 6.4.1-6 |
| imagemagick | imagemagick | 6.3.4-4 |
| imagemagick | imagemagick | 6.6.2-10 |
| imagemagick | imagemagick | 6.3.4-1 |
| imagemagick | imagemagick | 6.5.3-4 |
| imagemagick | imagemagick | 6.3.8-1 |
| imagemagick | imagemagick | 6.6.0-4 |
| imagemagick | imagemagick | 6.5.0-6 |
| imagemagick | imagemagick | 6.5.8-9 |
| imagemagick | imagemagick | 6.6.2-2 |
| imagemagick | imagemagick | 6.3.6-3 |
| imagemagick | imagemagick | 6.4.0-5 |
| imagemagick | imagemagick | 6.5.0-3 |
| imagemagick | imagemagick | 6.4.7-4 |
| imagemagick | imagemagick | 6.6.3-1 |
| imagemagick | imagemagick | 6.4.8-4 |
| imagemagick | imagemagick | 6.3.8-9 |
| imagemagick | imagemagick | 6.4.0-4 |
| imagemagick | imagemagick | 6.5.7-7 |
| imagemagick | imagemagick | 6.5.8-1 |
| imagemagick | imagemagick | 6.4.8-1 |
| imagemagick | imagemagick | 6.3.8-2 |
| imagemagick | imagemagick | 6.6.5-1 |
| imagemagick | imagemagick | 6.5.6-2 |
| imagemagick | imagemagick | 6.3.7-3 |
| imagemagick | imagemagick | 6.3.4-3 |
| imagemagick | imagemagick | 6.4.8-2 |
| imagemagick | imagemagick | 6.3.7-9 |
| imagemagick | imagemagick | 6.4.6-3 |
| imagemagick | imagemagick | 6.4.6-4 |
| imagemagick | imagemagick | 6.3.5-6 |
| imagemagick | imagemagick | 6.5.5-7 |
| imagemagick | imagemagick | 6.5.3-6 |
| imagemagick | imagemagick | 6.3.2-1 |
| imagemagick | imagemagick | 6.3.3-1 |
| imagemagick | imagemagick | 6.3.8-5 |
| imagemagick | imagemagick | 6.4.6-1 |
| imagemagick | imagemagick | 6.5.4-1 |
| imagemagick | imagemagick | 6.5.4-4 |
| imagemagick | imagemagick | 6.3.4-10 |
| imagemagick | imagemagick | 6.4.2-5 |
| imagemagick | imagemagick | 6.4.5-2 |
| imagemagick | imagemagick | 6.3.5 |
| imagemagick | imagemagick | 6.4.8-7 |
| imagemagick | imagemagick | 6.3.7-4 |
| imagemagick | imagemagick | 6.4.1-2 |
| imagemagick | imagemagick | 6.6.0-1 |
| imagemagick | imagemagick | 6.5.0-8 |
| imagemagick | imagemagick | 6.4.8-6 |
| imagemagick | imagemagick | 6.3.9-9 |
| imagemagick | imagemagick | 6.4.3-3 |
| imagemagick | imagemagick | 6.5.6-3 |
| imagemagick | imagemagick | 6.3.7 |
| imagemagick | imagemagick | 6.3.6-6 |
| imagemagick | imagemagick | 6.5.2-10 |
| imagemagick | imagemagick | 6.3.3-4 |
| imagemagick | imagemagick | 6.5.7-6 |
| imagemagick | imagemagick | 6.6.2-4 |
| imagemagick | imagemagick | 6.5.0-5 |
| imagemagick | imagemagick | 6.5.4-10 |
| imagemagick | imagemagick | 6.6.2-6 |
| imagemagick | imagemagick | 6.4.7-1 |
| imagemagick | imagemagick | 6.3.5-10 |
| imagemagick | imagemagick | 6.4.4-7 |
| imagemagick | imagemagick | 6.3.9 |
| imagemagick | imagemagick | 6.6.3-4 |
| imagemagick | imagemagick | 6.5.7-8 |
| imagemagick | imagemagick | 6.4.0-11 |
| imagemagick | imagemagick | 6.6.4-9 |
| imagemagick | imagemagick | 6.4.1-4 |
| imagemagick | imagemagick | 6.6.5 |
| imagemagick | imagemagick | 6.6.1-4 |
| imagemagick | imagemagick | 6.3.6-7 |
| imagemagick | imagemagick | 6.4.3-8 |
| imagemagick | imagemagick | 6.3.9-10 |
| imagemagick | imagemagick | 6.5.5-1 |
| imagemagick | imagemagick | 6.4.5-6 |
| imagemagick | imagemagick | 6.3.6-2 |
| imagemagick | imagemagick | 6.3.7-1 |
| imagemagick | imagemagick | 6.5.3-10 |
| imagemagick | imagemagick | 6.6.1-6 |
| imagemagick | imagemagick | 6.4.9-9 |
| imagemagick | imagemagick | 6.6.2-9 |
| imagemagick | imagemagick | 6.3.4-2 |
| imagemagick | imagemagick | 6.3.7-10 |
| imagemagick | imagemagick | 6.4.7-6 |
| imagemagick | imagemagick | 6.3.6 |
| imagemagick | imagemagick | 6.5.1-2 |
| imagemagick | imagemagick | 6.4.9-2 |
| imagemagick | imagemagick | 6.5.2-1 |
| imagemagick | imagemagick | 6.3.3-3 |
| imagemagick | imagemagick | 6.4.2-9 |
| imagemagick | imagemagick | 6.5.5-4 |
| imagemagick | imagemagick | 6.3.6-9 |
| imagemagick | imagemagick | 6.5.5-8 |
| imagemagick | imagemagick | 6.4.1-9 |
| imagemagick | imagemagick | 6.3.3-9 |
| imagemagick | imagemagick | 6.6.2-7 |
| imagemagick | imagemagick | 6.4.4-3 |
| imagemagick | imagemagick | 6.4.8-10 |
| imagemagick | imagemagick | 6.4.9-7 |
| imagemagick | imagemagick | 6.6.2-8 |
| imagemagick | imagemagick | 6.6.4-5 |
| imagemagick | imagemagick | 6.5.2-7 |
| imagemagick | imagemagick | 6.5.6-4 |
| imagemagick | imagemagick | 6.4.8-3 |
| imagemagick | imagemagick | 6.6.3-3 |
| imagemagick | imagemagick | 6.4.5-4 |
| imagemagick | imagemagick | 6.3.9-7 |
| imagemagick | imagemagick | 6.6.0-6 |
| imagemagick | imagemagick | 6.6.3-6 |
| imagemagick | imagemagick | 6.6.2-1 |
| imagemagick | imagemagick | 6.3.8-10 |
| imagemagick | imagemagick | 6.4.5-7 |
| imagemagick | imagemagick | 6.5.2-2 |
| imagemagick | imagemagick | 6.5.3 |
| imagemagick | imagemagick | 6.5.8-6 |
| imagemagick | imagemagick | 6.6.1-2 |
| imagemagick | imagemagick | 6.5.5-2 |
| imagemagick | imagemagick | 6.6.3-2 |
| imagemagick | imagemagick | 6.3.6-8 |
| imagemagick | imagemagick | 6.3.5-4 |
| imagemagick | imagemagick | 6.5.7-4 |
| imagemagick | imagemagick | 6.3.3-5 |
| imagemagick | imagemagick | 6.6.4-10 |
| imagemagick | imagemagick | 6.3.3-2 |
| imagemagick | imagemagick | 6.5.6-7 |
| imagemagick | imagemagick | 6.3.8 |
| imagemagick | imagemagick | 6.6.2-3 |
| imagemagick | imagemagick | 6.4.3-5 |
| imagemagick | imagemagick | 6.4.7-10 |
| imagemagick | imagemagick | 6.3.6-10 |
| imagemagick | imagemagick | 6.3.4-8 |
| imagemagick | imagemagick | 6.3.6-1 |
| imagemagick | imagemagick | 6.4.7-7 |
| imagemagick | imagemagick | 6.4.7-2 |
| imagemagick | imagemagick | 6.5.7 |
| imagemagick | imagemagick | 6.5.3-5 |
| imagemagick | imagemagick | 6.4.2-2 |
| imagemagick | imagemagick | 6.5.4-3 |
| imagemagick | imagemagick | 6.5.3-1 |
| imagemagick | imagemagick | 6.6.1 |
| imagemagick | imagemagick | 6.3.6-5 |
| imagemagick | imagemagick | 6.3.4-5 |
| imagemagick | imagemagick | 6.4.2-10 |
| imagemagick | imagemagick | 6.5.4-7 |
| imagemagick | imagemagick | 6.4.3-10 |
| imagemagick | imagemagick | 6.5.5-3 |
| imagemagick | imagemagick | 6.4.7-8 |
| imagemagick | imagemagick | 6.3.3-8 |
| imagemagick | imagemagick | 6.3.9-1 |
| imagemagick | imagemagick | 6.5.4-6 |
| imagemagick | imagemagick | 6.5.9-2 |
| imagemagick | imagemagick | 6.5.6-8 |
| imagemagick | imagemagick | 6.6.2-5 |
| imagemagick | imagemagick | 6.4.5-9 |
| imagemagick | imagemagick | 6.3.6-4 |
| imagemagick | imagemagick | 6.6.1-7 |
| imagemagick | imagemagick | 6.3.5-5 |
| imagemagick | imagemagick | 6.5.9-8 |
| imagemagick | imagemagick | 6.4.7-3 |
| imagemagick | imagemagick | 6.6.1-5 |
| imagemagick | imagemagick | 6.5.1-10 |
| imagemagick | imagemagick | 6.5.0-1 |
| imagemagick | imagemagick | 6.5.3-3 |
| imagemagick | imagemagick | 6.5.5-10 |
| imagemagick | imagemagick | 6.4.2-1 |
| imagemagick | imagemagick | 6.6.4-8 |
| imagemagick | imagemagick | 6.5.6-5 |
| imagemagick | imagemagick | 6.3.2 |
| imagemagick | imagemagick | 6.3.4 |
| imagemagick | imagemagick | 6.6.4-7 |
| imagemagick | imagemagick | 6.5.2 |
| imagemagick | imagemagick | 6.6.4-6 |
| imagemagick | imagemagick | 6.3.8-7 |
| imagemagick | imagemagick | 6.4.9-5 |
| imagemagick | imagemagick | 6.6.1-9 |
| imagemagick | imagemagick | 6.3.8-3 |
| imagemagick | imagemagick | 6.5.2-5 |
| imagemagick | imagemagick | 6.3.3-7 |
| imagemagick | imagemagick | 6.3.7-7 |
| imagemagick | imagemagick | 6.4.3-7 |
| imagemagick | imagemagick | 6.4.6 |
| imagemagick | imagemagick | 6.5.1-7 |
| imagemagick | imagemagick | 6.4.0-6 |
| imagemagick | imagemagick | 6.4.3-2 |
| imagemagick | imagemagick | 6.6.0-10 |
| imagemagick | imagemagick | 6.4.6-2 |
| imagemagick | imagemagick | 6.4.5-1 |
| imagemagick | imagemagick | 6.6.3-5 |
| imagemagick | imagemagick | 6.5.4-2 |
| imagemagick | imagemagick | 6.3.1-6 |
| imagemagick | imagemagick | 6.3.9-4 |
| imagemagick | imagemagick | 6.5.5 |
| imagemagick | imagemagick | 6.6.4-2 |
| imagemagick | imagemagick | 6.3.9-6 |
| imagemagick | imagemagick | 6.5.2-4 |
| imagemagick | imagemagick | 6.4.7-9 |
| imagemagick | imagemagick | 6.5.5-5 |
| imagemagick | imagemagick | 6.5.1-5 |
| imagemagick | imagemagick | 6.3.8-6 |
| imagemagick | imagemagick | 6.5.8-5 |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| canonical | ubuntu_linux | 11.10 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 10.04 |
| redhat | enterprise_linux_server_eus | 6.2 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_server | 5.0 |
| debian | debian_linux | 7.0 |
| redhat | enterprise_linux_eus | 6.2 |
| canonical | ubuntu_linux | 11.04 |
| imagemagick | imagemagick | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| redhat | storage | 2.0 |
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 5.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| canonical | ubuntu_linux | 11.10 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 10.04 |
| redhat | enterprise_linux_server_eus | 6.2 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | enterprise_linux_server | 5.0 |
| debian | debian_linux | 7.0 |
| redhat | enterprise_linux_eus | 6.2 |
| canonical | ubuntu_linux | 11.04 |
| imagemagick | imagemagick | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| redhat | storage | 2.0 |
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.1 |
| canonical | ubuntu_linux | 11.10 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 11.04 |
| imagemagick | imagemagick | * |
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 5.0 |
| opensuse | opensuse | 11.4 |
| canonical | ubuntu_linux | 13.10 |
| redhat | enterprise_linux_desktop | 5.0 |
| opensuse | opensuse | 12.1 |
| debian | debian_linux | 6.0 |
| redhat | enterprise_linux_aus | 6.2 |
| redhat | enterprise_linux_server_eus | 6.2 |
| redhat | enterprise_linux_server | 5.0 |
| redhat | enterprise_linux_eus | 6.2 |
| canonical | ubuntu_linux | 12.10 |
| imagemagick | imagemagick | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| canonical | ubuntu_linux | 12.04 |
| redhat | storage | 2.0 |
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.1 |
| canonical | ubuntu_linux | 11.10 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 11.04 |
| imagemagick | imagemagick | * |
Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.1 |
| canonical | ubuntu_linux | 11.10 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 11.04 |
| imagemagick | imagemagick | * |
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| opensuse | opensuse | 12.1 |
| canonical | ubuntu_linux | 11.10 |
| debian | debian_linux | 6.0 |
| canonical | ubuntu_linux | 10.04 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 11.04 |
| imagemagick | imagemagick | * |
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 6.0 |
| opensuse | opensuse | 11.4 |
| redhat | enterprise_linux_desktop | 6.0 |
| opensuse | opensuse | 12.1 |
| debian | debian_linux | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server_eus | 6.2 |
| redhat | enterprise_linux_server_aus | 6.2 |
| redhat | storage | 2.0 |
| redhat | enterprise_linux_eus | 6.2 |
| imagemagick | imagemagick | * |
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.7.8-4 |
| imagemagick | imagemagick | 6.7.8-0 |
| imagemagick | imagemagick | 6.7.8-3 |
| imagemagick | imagemagick | 6.7.8-1 |
| imagemagick | imagemagick | 6.7.8-2 |
| imagemagick | imagemagick | 6.7.8-5 |
| imagemagick | imagemagick | 6.7.8-6 |
| imagemagick | imagemagick | * |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_desktop | 11 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_software_development_kit | 11 |
| imagemagick | imagemagick | * |
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| canonical | ubuntu_linux | 13.10 |
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
| imagemagick | imagemagick | * |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.4 |
| canonical | ubuntu_linux | 13.10 |
| opensuse | opensuse | 12.3 |
| opensuse | opensuse | 13.1 |
| canonical | ubuntu_linux | 12.04 |
| imagemagick | imagemagick | 6.8.8-5 |
| canonical | ubuntu_linux | 12.10 |
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
imagemagick 6.8.9.6 has remote DOS via infinite loop
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-6 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
CVSS 2.0
Severity: LOW
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-388,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | - |
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.9-9 |
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-388,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| suse | studio_onsite | 1.3 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| suse | studio_onsite | 1.3 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse | leap | 42.2 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| suse | studio_onsite | 1.3 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse | leap | 42.2 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| opensuse_project | studio_onsite | 1.3 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse | leap | 42.2 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| imagemagick | imagemagick | * |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| opensuse_project | suse_linux_enterprise_server_for_raspberry_pi | 12.0 |
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.8.8-9 |
| opensuse_project | leap | 42.1 |
| opensuse_project | suse_linux_enterprise_server | 11.0 |
| opensuse_project | suse_linux_enterprise_server | 12.0 |
| opensuse_project | suse_linux_enterprise_workstation_extension | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse_project | suse_linux_enterprise_debuginfo | 11.0 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| canonical | ubuntu_linux | 16.10 |
| opensuse_project | suse_linux_enterprise_desktop | 12.0 |
| opensuse | opensuse | 13.2 |
| opensuse_project | suse_linux_enterprise_software_development_kit | 12.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-913,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| suse | linux_enterprise_server | 12 |
| suse | linux_enterprise_software_development_kit | 12 |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_workstation_extension | 12 |
| imagemagick | imagemagick | * |
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_server | 12 |
| canonical | ubuntu_linux | 16.04 |
| suse | linux_enterprise_workstation_extension | 12 |
| imagemagick | imagemagick | * |
| opensuse_project | suse_linux_enterprise_software_development_kit | 11.0 |
| novell | leap | 42.2 |
| canonical | ubuntu_linux | 16.10 |
| suse | linux_enterprise_debuginfo | 11 |
| suse | linux_enterprise_software_development_kit | 12 |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_desktop | 12 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| canonical | ubuntu_linux | 16.10 |
| suse | linux_enterprise_server | 11 |
| opensuse | opensuse | 13.2 |
| canonical | ubuntu_linux | 16.04 |
| suse | linux_enterprise_software_development_kit | 11 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| suse | suse_linux_enterprise_server | 12 |
| imagemagick | imagemagick | * |
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 6.9.1-5 |
| imagemagick | imagemagick | 6.9.3-3 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 6.9.3-7 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 6.9.1-9 |
| imagemagick | imagemagick | 6.9.2-0 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 6.9.3-5 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 6.9.2-10 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 6.9.2-4 |
| imagemagick | imagemagick | 6.9.2-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 6.9.3-10 |
| imagemagick | imagemagick | 6.9.2-9 |
| imagemagick | imagemagick | 6.9.3-4 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 6.9.2-6 |
| imagemagick | imagemagick | 6.9.2-8 |
| imagemagick | imagemagick | 6.9.2-3 |
| imagemagick | imagemagick | 6.9.3-6 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 6.9.1-7 |
| imagemagick | imagemagick | 6.9.2-1 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 6.9.3-2 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 6.9.1-6 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 6.9.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 6.9.1-3 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 6.9.3-9 |
| imagemagick | imagemagick | 6.9.1-8 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 6.9.3-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 6.9.3-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 6.9.1-4 |
| imagemagick | imagemagick | 6.9.2-2 |
| imagemagick | imagemagick | 6.9.2-7 |
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| oracle | linux | 6 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_eus | 7.7 |
| imagemagick | imagemagick | * |
| oracle | linux | 7 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.4-7 |
| opensuse_project | leap | 42.1 |
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| opensuse | leap | 42.2 |
| imagemagick | imagemagick | 6.9.4-8 |
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| imagemagick | imagemagick | 6.9.5-5 |
| opensuse | leap | 42.2 |
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-252,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-252,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-388,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | - |
| imagemagick | imagemagick | * |
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| imagemagick | imagemagick | * |
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| imagemagick | imagemagick | * |
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | leap | 42.1 |
| opensuse | leap | 42.2 |
| imagemagick | imagemagick | * |
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse_project | leap | 42.1 |
| imagemagick | imagemagick | * |
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| opensuse | leap | 42.2 |
| imagemagick | imagemagick | * |
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| suse | suse_linux_enterprise_server | 12 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.0-0 |
| canonical | ubuntu_linux | 15.10 |
| opensuse | opensuse | 13.2 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.1-0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,CWE-552,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.3_ppc64le |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.7_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.7_ppc64le |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| suse | linux_enterprise_workstation_extension | 12 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.7_ppc64 |
| redhat | enterprise_linux_eus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.2 |
| suse | linux_enterprise_debuginfo | 11 |
| redhat | enterprise_linux_server_aus | 7.4 |
| suse | linux_enterprise_software_development_kit | 12 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_eus | 7.6 |
| suse | openstack_cloud | 5 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.6_ppc64le |
| oracle | solaris | 10 |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.2_ppc64 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| imagemagick | imagemagick | 7.0.1-0 |
| redhat | enterprise_linux_server_supplementary_eus | 6.7z |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_server | 12 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.4_s390x |
| suse | manager_proxy | 2.1 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| oracle | linux | 6 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.2_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.6_s390x |
| redhat | enterprise_linux_eus | 6.7 |
| suse | linux_enterprise_desktop | 12 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| suse | manager | 2.1 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 6.7_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.4_ppc64le |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.5_s390x |
| imagemagick | imagemagick | * |
| oracle | linux | 7 |
| redhat | enterprise_linux_eus | 7.4 |
| imagemagick | imagemagick | 7.0.0-0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.5_ppc64le |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.2_ppc64le |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.3_s390x |
| oracle | solaris | 11.3 |
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| imagemagick | imagemagick | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| imagemagick | imagemagick | 7.0.0-0 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| imagemagick | imagemagick | 7.0.1-0 |
| redhat | enterprise_linux_server_supplementary_eus | 6.7z |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 14.04 |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| imagemagick | imagemagick | * |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| imagemagick | imagemagick | 7.0.0-0 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| imagemagick | imagemagick | 7.0.1-0 |
| redhat | enterprise_linux_server_supplementary_eus | 6.7z |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 14.04 |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.3_ppc64le |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.7_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.7_ppc64le |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64 |
| suse | linux_enterprise_workstation_extension | 12 |
| redhat | enterprise_linux_hpc_node | 7.0 |
| redhat | enterprise_linux_hpc_node | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 15.10 |
| redhat | enterprise_linux_for_power_big_endian_eus | 6.7_ppc64 |
| redhat | enterprise_linux_eus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.2 |
| suse | linux_enterprise_debuginfo | 11 |
| redhat | enterprise_linux_server_aus | 7.4 |
| suse | linux_enterprise_software_development_kit | 12 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_for_power_little_endian | 7.0_ppc64le |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_eus | 7.6 |
| suse | openstack_cloud | 5 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.6_ppc64le |
| oracle | solaris | 10 |
| redhat | enterprise_linux_server_from_rhui | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.2_ppc64 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.2 |
| redhat | enterprise_linux_server | 6.0 |
| imagemagick | imagemagick | 7.0.1-0 |
| redhat | enterprise_linux_server_supplementary_eus | 6.7z |
| suse | linux_enterprise_software_development_kit | 11 |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64 |
| redhat | enterprise_linux_hpc_node_eus | 7.2 |
| suse | linux_enterprise_server | 11 |
| suse | linux_enterprise_server | 12 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.4_s390x |
| suse | manager_proxy | 2.1 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| oracle | linux | 6 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.2_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.6_s390x |
| redhat | enterprise_linux_eus | 6.7 |
| suse | linux_enterprise_desktop | 12 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| suse | manager | 2.1 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 6.7_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0_s390x |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.4_ppc64le |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.5_s390x |
| imagemagick | imagemagick | * |
| oracle | linux | 7 |
| redhat | enterprise_linux_eus | 7.4 |
| imagemagick | imagemagick | 7.0.0-0 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.5_ppc64le |
| opensuse | opensuse | 13.2 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.2_ppc64le |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.3_s390x |
| oracle | solaris | 11.3 |
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| suse | linux_enterprise_server | 12 |
| suse | studio_onsite | 1.3 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise_workstation_extension | 12 |
| canonical | ubuntu_linux | 15.10 |
| oracle | linux | 6 |
| suse | linux_enterprise_debuginfo | 11 |
| suse | linux_enterprise_software_development_kit | 12 |
| suse | linux_enterprise_desktop | 12 |
| canonical | ubuntu_linux | 14.04 |
| suse | linux_enterprise_desktop | 12.0 |
| canonical | ubuntu_linux | 16.04 |
| graphicsmagick | graphicsmagick | * |
| imagemagick | imagemagick | * |
| oracle | solaris | 10 |
| oracle | linux | 7 |
| imagemagick | imagemagick | - |
| opensuse | opensuse | 13.2 |
| suse | linux_enterprise_software_development_kit | 12.0 |
| suse | linux_enterprise_software_development_kit | 11 |
| canonical | ubuntu_linux | 12.04 |
| suse | linux_enterprise_server | 12.0 |
| oracle | solaris | 11.3 |
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-0 |
| oracle | solaris | 11.3 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-0 |
| oracle | solaris | 11.3 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.1-6 |
| oracle | solaris | 11.3 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.1-6 |
| oracle | solaris | 11.3 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.1-6 |
| oracle | solaris | 11.3 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | solaris | 11.3 |
| oracle | solaris | 10.0 |
| imagemagick | imagemagick | * |
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | solaris | 10 |
| oracle | solaris | 11.3 |
| imagemagick | imagemagick | * |
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.1-5 |
| oracle | solaris | 10.0 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.1-0 |
| oracle | solaris | 11.3 |
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | - |
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-19,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | * |
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.3-2 |
| debian | debian_linux | 8.0 |
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| opensuse | opensuse | 13.2 |
| imagemagick | imagemagick | * |
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.3-0 |
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.3-1 |
| debian | debian_linux | 8.0 |
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | * |
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| opensuse | opensuse | 13.2 |
| opensuse | leap | 42.2 |
| imagemagick | imagemagick | * |
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.1-0 |
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.3-8 |
| opensuse_project | leap | 42.1 |
| debian | debian_linux | 8.0 |
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | * |
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.3-8 |
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-0 |
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-0 |
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-6 |
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-6 |
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-6 |
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-0 |
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-682,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.6-2 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 6.9.9-3 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.6-3 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.9-4 |
| imagemagick | imagemagick | 7.0.6-4 |
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-4 |
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-4 |
The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-4 |
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-4 |
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-4 |
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,CWE-681,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-5 |
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.6-2 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.6-3 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.6-4 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-1 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-3 |
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-5 |
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-5 |
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-6 |
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| canonical | ubuntu_linux | 16.04 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.6-2 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.6-3 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.5-2 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.5-3 |
| imagemagick | imagemagick | 7.0.0-0 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| canonical | ubuntu_linux | 16.04 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.6-2 |
| imagemagick | imagemagick | 7.0.4-7 |
| imagemagick | imagemagick | 7.0.6-1 |
| imagemagick | imagemagick | 7.0.4-10 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.5-4 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.6-0 |
| imagemagick | imagemagick | 7.0.4-5 |
| imagemagick | imagemagick | 7.0.5-6 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.5-9 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.5-0 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.5-10 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
| imagemagick | imagemagick | 7.0.4-4 |
| imagemagick | imagemagick | 7.0.5-8 |
| imagemagick | imagemagick | 7.0.4-9 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.4-8 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.4-6 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.5-1 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.5-5 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-10 |
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.6-10 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-5 |
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-5 |
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-2 |
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.6-10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| imagemagick | imagemagick | 7.0.7-0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.6-1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6-8 |
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-1 |
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-1 |
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-1 |
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6 |
| debian | debian_linux | 9.0 |
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.6-6 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.7-4 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.6 |
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-4 |
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-4 |
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-3 |
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-4 |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-2 |
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-2 |
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-2 |
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-2 |
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| graphicsmagick | graphicsmagick | 1.3.26 |
| imagemagick | imagemagick | 7.0.6-1 |
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-6 |
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-9 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.7-16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-16 |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-12 |
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-17 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-17 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-1 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.6-10 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-9 |
| imagemagick | imagemagick | 7.0.7-0 |
| imagemagick | imagemagick | 7.0.7-18 |
| imagemagick | imagemagick | 7.0.7-16 |
| imagemagick | imagemagick | 7.0.7-24 |
| imagemagick | imagemagick | 7.0.7-12 |
| imagemagick | imagemagick | 7.0.7-10 |
| imagemagick | imagemagick | 7.0.7-17 |
| imagemagick | imagemagick | 7.0.7-19 |
| imagemagick | imagemagick | 7.0.7-11 |
| imagemagick | imagemagick | 7.0.7-13 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-25 |
| imagemagick | imagemagick | 7.0.7-8 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-22 |
| imagemagick | imagemagick | 7.0.7-21 |
| imagemagick | imagemagick | 7.0.7-3 |
| imagemagick | imagemagick | 7.0.7-5 |
| imagemagick | imagemagick | 7.0.7-1 |
| imagemagick | imagemagick | 7.0.7-4 |
| canonical | ubuntu_linux | 16.04 |
| imagemagick | imagemagick | 7.0.7-14 |
| imagemagick | imagemagick | 7.0.7-2 |
| imagemagick | imagemagick | 7.0.7-15 |
| imagemagick | imagemagick | 7.0.7-20 |
| imagemagick | imagemagick | 7.0.7.7 |
| imagemagick | imagemagick | 7.0.7-23 |
| imagemagick | imagemagick | 7.0.7-6 |
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-9 |
| imagemagick | imagemagick | 7.0.7-0 |
| imagemagick | imagemagick | 7.0.7-18 |
| imagemagick | imagemagick | 7.0.7-16 |
| imagemagick | imagemagick | 7.0.7-24 |
| imagemagick | imagemagick | 7.0.7-12 |
| imagemagick | imagemagick | 7.0.7-10 |
| imagemagick | imagemagick | 7.0.7-17 |
| imagemagick | imagemagick | 7.0.7-19 |
| imagemagick | imagemagick | 7.0.7-11 |
| imagemagick | imagemagick | 7.0.7-13 |
| imagemagick | imagemagick | 7.0.7-25 |
| imagemagick | imagemagick | 7.0.7-8 |
| imagemagick | imagemagick | 7.0.7-22 |
| imagemagick | imagemagick | 7.0.7-21 |
| imagemagick | imagemagick | 7.0.7-3 |
| imagemagick | imagemagick | 7.0.7-5 |
| imagemagick | imagemagick | 7.0.7-1 |
| imagemagick | imagemagick | 7.0.7-4 |
| imagemagick | imagemagick | 7.0.7-14 |
| imagemagick | imagemagick | 7.0.7-2 |
| imagemagick | imagemagick | 7.0.7-15 |
| imagemagick | imagemagick | 7.0.7-20 |
| imagemagick | imagemagick | 7.0.7.7 |
| imagemagick | imagemagick | 7.0.7-23 |
| imagemagick | imagemagick | 7.0.7-6 |
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-9 |
| imagemagick | imagemagick | 7.0.7-0 |
| imagemagick | imagemagick | 7.0.7-18 |
| imagemagick | imagemagick | 7.0.7-16 |
| imagemagick | imagemagick | 7.0.7-24 |
| imagemagick | imagemagick | 7.0.7-12 |
| imagemagick | imagemagick | 7.0.7-10 |
| imagemagick | imagemagick | 7.0.7-17 |
| imagemagick | imagemagick | 7.0.7-19 |
| imagemagick | imagemagick | 7.0.7-11 |
| imagemagick | imagemagick | 7.0.7-13 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-25 |
| imagemagick | imagemagick | 7.0.7-8 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-22 |
| imagemagick | imagemagick | 7.0.7-21 |
| imagemagick | imagemagick | 7.0.7-3 |
| imagemagick | imagemagick | 7.0.7-5 |
| imagemagick | imagemagick | 7.0.7-1 |
| imagemagick | imagemagick | 7.0.7-4 |
| canonical | ubuntu_linux | 16.04 |
| imagemagick | imagemagick | 7.0.7-14 |
| imagemagick | imagemagick | 7.0.7-2 |
| imagemagick | imagemagick | 7.0.7-15 |
| imagemagick | imagemagick | 7.0.7-20 |
| imagemagick | imagemagick | 7.0.7.7 |
| imagemagick | imagemagick | 7.0.7-23 |
| imagemagick | imagemagick | 7.0.7-6 |
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-0 |
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7 |
| canonical | ubuntu_linux | 14.04 |
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7 |
| canonical | ubuntu_linux | 14.04 |
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7 |
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.1-10 |
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.4-3 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.1-0 |
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-0 |
| imagemagick | imagemagick | 7.0.1-10 |
| imagemagick | imagemagick | 7.0.3-4 |
| imagemagick | imagemagick | 7.0.1-6 |
| imagemagick | imagemagick | 7.0.3-0 |
| imagemagick | imagemagick | 7.0.2-1 |
| imagemagick | imagemagick | 7.0.1-1 |
| imagemagick | imagemagick | 7.0.3-1 |
| imagemagick | imagemagick | 7.0.2-8 |
| imagemagick | imagemagick | 7.0.1-8 |
| imagemagick | imagemagick | 7.0.2-2 |
| imagemagick | imagemagick | 7.0.3-10 |
| imagemagick | imagemagick | 7.0.2-9 |
| imagemagick | imagemagick | 7.0.2-0 |
| imagemagick | imagemagick | 7.0.2-5 |
| imagemagick | imagemagick | 7.0.3-3 |
| imagemagick | imagemagick | 7.0.2-10 |
| imagemagick | imagemagick | 7.0.1-4 |
| imagemagick | imagemagick | 7.0.3-2 |
| imagemagick | imagemagick | 7.0.1-7 |
| imagemagick | imagemagick | 7.0.2-7 |
| imagemagick | imagemagick | 7.0.3-9 |
| imagemagick | imagemagick | 7.0.4-1 |
| imagemagick | imagemagick | 7.0.1-5 |
| imagemagick | imagemagick | * |
| imagemagick | imagemagick | 7.0.2-4 |
| imagemagick | imagemagick | 7.0.2-6 |
| imagemagick | imagemagick | 7.0.4-2 |
| imagemagick | imagemagick | 7.0.3-8 |
| imagemagick | imagemagick | 7.0.2-3 |
| imagemagick | imagemagick | 7.0.3-6 |
| imagemagick | imagemagick | 7.0.1-2 |
| imagemagick | imagemagick | 7.0.3-5 |
| imagemagick | imagemagick | 7.0.1-3 |
| imagemagick | imagemagick | 7.0.1-9 |
| imagemagick | imagemagick | 7.0.3-7 |
| imagemagick | imagemagick | 7.0.1-0 |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.7 |
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.7 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.7 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.7 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.7 |
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.7 |
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-9 |
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-4 |
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.4-9 |
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-4 |
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-4 |
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-4 |
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-6 |
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| graphicsmagick | graphicsmagick | * |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-6 |
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-6 |
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-5 |
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-8 |
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.5-7 |
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-28 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-28 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-28 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-23 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-36 |
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-37 |
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-20 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-20 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-3 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-3 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-4 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-4 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-4 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-4 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-4 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-7 |
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-11 |
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-11 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-11 |
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-5 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-6 |
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | 7.0.7-37 |
The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-252,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-4 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.8-11 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| imagemagick | imagemagick | 7.0.8-11 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-28 |
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-28 |
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-28 |
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-28 |
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-13 |
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-13 |
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-13 |
| debian | debian_linux | 8.0 |
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-13 |
| opensuse | leap | 15.0 |
| graphicsmagick | graphicsmagick | * |
In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-835,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-17 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-17 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-17 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-22 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-22 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-772,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
| imagemagick | imagemagick | * |
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-22 |
| libfpx_project | libfpx | 1.3.1-10 |
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-22 |
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| debian | debian_linux | 7.0 |
| imagemagick | imagemagick | 7.0.7-23 |
| canonical | ubuntu_linux | 14.04 |
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-22 |
WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.7-25q16 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 14.04 |
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-26 |
| canonical | ubuntu_linux | 14.04 |
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-834,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| imagemagick | imagemagick | 7.0.7-26 |
| canonical | ubuntu_linux | 14.04 |
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.7-24 |
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-193,CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| opensuse | leap | 42.3 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| imagemagick | imagemagick | 7.0.8-36 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-36 |
| debian | debian_linux | 9.0 |
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-26 |
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-41 |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-43 |
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-40 |
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-34 |
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-34 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-34 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-34 |
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-34 |
ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| imagemagick | imagemagick | 7.0.8-34 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-908,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| f5 | big-ip_application_acceleration_manager | * |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| f5 | big-ip_webaccelerator | * |
| imagemagick | imagemagick | * |
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| imagemagick | imagemagick | * |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-50 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-50 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-50 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-50 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-50 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-193,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-193,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-50 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-50 |
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-54 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-41 |
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-43 |
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-43 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-35 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-35 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
| opensuse | backports | sle-15 |
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-35 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| imagemagick | imagemagick | 7.0.8-40 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-43 |
| opensuse | leap | 15.0 |
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 19.10 |
| imagemagick | imagemagick | 7.0.8-43 |
| canonical | ubuntu_linux | 16.04 |
| opensuse | leap | 15.0 |
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-674,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 20.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| imagemagick | imagemagick | 7.0.8-43 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 20.04 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.1 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| graphicsmagick | graphicsmagick | * |
| imagemagick | imagemagick | * |
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.10 |
| opensuse | leap | 15.0 |
| imagemagick | imagemagick | * |
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.8-35 |
| debian | debian_linux | 9.0 |
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.9 |
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.0.10-7 |
| debian | debian_linux | 9.0 |
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H | 1.8 | 4.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 34 |
| imagemagick | imagemagick | * |
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.2 |
| imagemagick | imagemagick | 7.0.10-34 |
| debian | debian_linux | 9.0 |
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H | 2.8 | 4.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| imagemagick | imagemagick | * |
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| imagemagick | imagemagick | * |
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-91,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 33 |
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 37 |
| fedoraproject | fedora | 36 |
| imagemagick | imagemagick | 7.0.11-5 |
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 5.0 |
| fedoraproject | fedora | 34 |
| imagemagick | imagemagick | * |
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| fedoraproject | fedora | 34 |
| imagemagick | imagemagick | * |
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.8 | 2.5 |
| nvd@nist.gov | 3.6 | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.0 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-668,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.1.0-14 |
An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.1.0-4 |
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| fedoraproject | fedora | 36 |
| imagemagick | imagemagick | * |
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| imagemagick | imagemagick | 7.1.0-27 |
| debian | debian_linux | 9.0 |
| imagemagick | imagemagick | * |
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| fedoraproject | extra_packages_for_enterprise_linux | 9.0 |
| fedoraproject | fedora | 36 |
| imagemagick | imagemagick | * |
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 36 |
| imagemagick | imagemagick | * |
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 36 |
| imagemagick | imagemagick | * |
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-704,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 7.0 |
| fedoraproject | fedora | 36 |
| imagemagick | imagemagick | * |
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.1.0-49 |
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.1.0-49 |
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 6.9.11-22 |
| fedoraproject | fedora | 39 |
| imagemagick | imagemagick | 7.0.10-45 |
| fedoraproject | fedora | 38 |
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| fedoraproject | extra_packages_for_enterprise_linux | 9.0 |
| redhat | enterprise_linux | 9.0 |
| fedoraproject | fedora | 36 |
| redhat | enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | 7.1.1-4 |
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 10.0 |
| redhat | enterprise_linux | 6.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux | 6.0 |
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| redhat | enterprise_linux | 7.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | - |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 37 |
| imagemagick | imagemagick | * |
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| secalert@redhat.com | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 |
| imagemagick | imagemagick | * |
| fedoraproject | fedora | 38 |
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 2.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 1.4 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| imagemagick | imagemagick | * |
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 2.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 1.4 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.2 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L | 1.8 | 4.2 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.2 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 3.8 | LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L | 0.3 | 3.4 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating the extent value by multiplying image columns by bits per pixel. On 32-bit systems with size_t of 4 bytes, a malicious BMP file with specific dimensions can cause this multiplication to overflow and wrap to zero. The overflow check added to address CVE-2025-57803 is placed after the overflow occurs, making it ineffective. A specially crafted 58-byte BMP file with width set to 536,870,912 and 32 bits per pixel can trigger this overflow, causing the bytes_per_line calculation to become zero. This vulnerability only affects 32-bit builds of ImageMagick where default resource limits for width, height, and area have been manually increased beyond their defaults. 64-bit systems with size_t of 8 bytes are not vulnerable, and systems using default ImageMagick resource limits are not vulnerable. The vulnerability is fixed in versions 7.1.2-7 and 6.9.13-32.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. This issue has been patched in version 7.1.2-8.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.9 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | 1.4 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. This results in a small heap allocation via AcquireQuantumMemory and later operations relying on the dimensions can trigger an out of bounds read. This issue is fixed in version 7.1.2-10.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.5 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails. Version 7.1.2-13 contains a patch for the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H | 2.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before images are loaded. This can lead to DoS attack due to assertion failure (debug builds) or NULL pointer dereference (release builds). This issue is fixed in version 14.10.2.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dlemstra | magick.net | * |
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` function of the `msl.c` file, resources are allocated. But the function returns early without releasing these allocated resources. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows 32-bit `int`, causing an undersized heap allocation followed by an out-of-bounds write. This can crash the process or potentially lead to an out of bounds heap write. Version 7.1.2-15 contains a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 3.9 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` Image object is not freed on three early-return paths, resulting in a definite memory leak (~13.5KB+ per invocation) that can be exploited for denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an invalid sampling factor to bypass checks and trigger a division-by-zero during image loading, resulting in a reliable denial-of-service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On 32-bit systems/builds, a carefully crafted image can lead to an out of bounds heap write. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H | 2.2 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs, leading to a stack overflow. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operation element handler replaces and frees the image while the parser continues reading from it, leading to a UAF in ReadBlobString during further parsing. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVImage() (coders/yuv.c) when processing malicious YUV 4:2:2 (NoInterlace) images. The pixel-pair loop writes one pixel beyond the allocated row buffer. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an undefined `(size_t)` cast. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in the jpeg encoder causes an infinite loop when writing persistently fails. An attacker can trigger a 100% CPU consumption and process hang (Denial of Service) with a crafted image. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains an function that has an incorrect initialization that could cause an out of bounds read. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.5 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dlemstra | magick.net | * |
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer truncation when calculating the stride (row size) for pixel buffer allocation. The stride calculation overflows a 32-bit signed integer, resulting in an out-of-bounds memory reads. Versions 7.1.2-15 and 6.9.13-40 contain a patch.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L | 1.4 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dlemstra | magick.net | * |
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.9 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H | 1.4 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L | 2.2 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H | 1.4 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation of a value and it would allow an out of bounds write. This vulnerability is fixed in 7.1.2-16.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 2.5 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L | 1.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 6.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 2.5 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in the SFW decoder when processing extremely large images. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H | 1.4 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 4.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.5 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| security-advisories@github.com | 5.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 1.4 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| imagemagick | imagemagick | * |