Total
705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25664 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
|
|||||
| CVE-2020-25663 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick ...
Show More |
|||||
| CVE-2020-19667 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
|
|||||
| CVE-2020-13902 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
|
|||||
| CVE-2020-10251 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
|
|||||
| CVE-2019-9956 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
|
|||||
| CVE-2019-7398 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
|
|||||
| CVE-2019-7397 | 5 Canonical, Debian, Graphicsmagick and 2 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
|
|||||
| CVE-2019-7396 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
|
|||||
| CVE-2019-7395 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
|
|||||
| CVE-2019-7175 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
|
|||||
| CVE-2019-19952 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
|
|||||
| CVE-2019-19949 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
|
|||||
| CVE-2019-19948 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
|
|||||
| CVE-2019-18853 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
|
|||||
| CVE-2019-17547 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
|
|||||
| CVE-2019-17541 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
|
|||||
| CVE-2019-17540 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
|
|||||
| CVE-2019-16713 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
|
|||||
| CVE-2019-16712 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
|
|||||
| CVE-2019-16711 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
|
|||||
| CVE-2019-16710 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
|
|||||
| CVE-2019-16709 | 3 Canonical, Imagemagick, Opensuse | 4 Ubuntu Linux, Imagemagick, Backports and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
|
|||||
| CVE-2019-16708 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
|
|||||
| CVE-2019-15141 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
|
|||||
| CVE-2019-15140 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
|
|||||
| CVE-2019-15139 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
|
|||||
| CVE-2019-14981 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
|
|||||
| CVE-2019-14980 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
|
|||||
| CVE-2019-13391 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
|
|||||
| CVE-2019-13311 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
|
|||||
| CVE-2019-13310 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Leap | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
|
|||||
| CVE-2019-13309 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
|
|||||
| CVE-2019-13308 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
|
|||||
| CVE-2019-13307 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
|
|||||
| CVE-2019-13306 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
|
|||||
| CVE-2019-13305 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
|
|||||
| CVE-2019-13304 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
|
|||||
| CVE-2019-13303 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
|
|||||
| CVE-2019-13302 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
|
|||||