Total
705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10055 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
|
|||||
| CVE-2016-7527 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
|
|||||
| CVE-2016-10053 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
|
|||||
| CVE-2014-9834 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
|
|||||
| CVE-2014-9851 | 4 Canonical, Imagemagick, Opensuse and 1 more | 9 Ubuntu Linux, Imagemagick, Opensuse and 6 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
|
|||||
| CVE-2017-11310 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
|
|||||
| CVE-2017-12674 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
|
In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
|
|||||
| CVE-2017-11530 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
|
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
|
|||||
| CVE-2016-7520 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
|
|||||
| CVE-2014-9813 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
|
|||||
| CVE-2017-12877 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
|
|||||
| CVE-2017-12140 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
|
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
|
|||||
| CVE-2017-14625 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
|
|||||
| CVE-2017-15218 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
|
|||||
| CVE-2017-11523 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
|
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
|
|||||
| CVE-2016-10061 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
|
|||||
| CVE-2017-9144 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
|
|||||
| CVE-2014-8716 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 2.1 LOW | 6.2 MEDIUM |
|
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
|
|||||
| CVE-2014-9836 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
|
|||||
| CVE-2014-9819 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
|
|||||
| CVE-2014-9845 | 5 Canonical, Imagemagick, Opensuse and 2 more | 11 Ubuntu Linux, Imagemagick, Leap and 8 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
|
|||||
| CVE-2016-5010 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
|
|||||
| CVE-2017-11540 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
|
|||||
| CVE-2016-7538 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
|
|||||
| CVE-2016-10146 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
|
|||||
| CVE-2017-8343 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
|||||
| CVE-2016-4564 | 1 Imagemagick | 1 Imagemagick | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
|
|||||
| CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
|
|||||
| CVE-2016-4563 | 1 Imagemagick | 1 Imagemagick | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
|
|||||
| CVE-2016-5690 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
|
|||||
| CVE-2016-6491 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
|
|||||
| CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
|
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
|
|||||
| CVE-2016-5688 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
|
|||||
| CVE-2016-5689 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
|
|||||
| CVE-2016-8707 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
|
|||||
| CVE-2016-5842 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
|
|||||
| CVE-2016-5118 | 7 Canonical, Debian, Graphicsmagick and 4 more | 14 Ubuntu Linux, Debian Linux, Graphicsmagick and 11 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
|
|||||
| CVE-2016-5687 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
|
|||||
| CVE-2016-6520 | 1 Imagemagick | 1 Imagemagick | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
|
|||||
| CVE-2016-3716 | 3 Canonical, Imagemagick, Redhat | 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
|
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
|
|||||