Imagemagick - Imagemagick CVE

Filtered by vendor Imagemagick

Filtered by product Imagemagick

Total 705 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-12587	1 Imagemagick	1 Imagemagick	2025-04-20	6.8 MEDIUM	8.8 HIGH
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
CVE-2017-8345	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-14505	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
CVE-2017-14607	3 Canonical, Debian, Imagemagick	3 Ubuntu Linux, Debian Linux, Imagemagick	2025-04-20	5.8 MEDIUM	8.1 HIGH
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2014-9844	5 Canonical, Imagemagick, Opensuse and 2 more	10 Ubuntu Linux, Imagemagick, Opensuse and 7 more	2025-04-20	4.3 MEDIUM	5.5 MEDIUM
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2016-10069	2 Imagemagick, Opensuse Project	2 Imagemagick, Leap	2025-04-20	4.3 MEDIUM	5.5 MEDIUM
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVE-2017-17914	3 Canonical, Debian, Imagemagick	3 Ubuntu Linux, Debian Linux, Imagemagick	2025-04-20	7.1 HIGH	6.5 MEDIUM
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
CVE-2014-9849	4 Canonical, Imagemagick, Opensuse and 1 more	9 Ubuntu Linux, Imagemagick, Opensuse and 6 more	2025-04-20	5.0 MEDIUM	7.5 HIGH
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVE-2017-9261	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2015-8901	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
CVE-2016-10063	1 Imagemagick	1 Imagemagick	2025-04-20	6.8 MEDIUM	7.8 HIGH
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
CVE-2017-13060	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2016-7517	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
CVE-2017-8346	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2016-8677	3 Debian, Imagemagick, Opensuse	3 Debian Linux, Imagemagick, Opensuse	2025-04-20	6.8 MEDIUM	8.8 HIGH
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
CVE-2017-11141	1 Imagemagick	1 Imagemagick	2025-04-20	7.1 HIGH	6.5 MEDIUM
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
CVE-2016-9559	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2017-9142	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
CVE-2017-17681	2 Canonical, Imagemagick	2 Ubuntu Linux, Imagemagick	2025-04-20	7.1 HIGH	6.5 MEDIUM
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVE-2017-11535	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
CVE-2014-9833	1 Imagemagick	1 Imagemagick	2025-04-20	6.8 MEDIUM	7.8 HIGH
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVE-2016-7525	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-8862	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	6.8 MEDIUM	8.8 HIGH
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVE-2017-12654	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-11449	1 Imagemagick	1 Imagemagick	2025-04-20	6.8 MEDIUM	8.8 HIGH
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVE-2017-9141	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
CVE-2017-13146	1 Imagemagick	1 Imagemagick	2025-04-20	6.8 MEDIUM	8.8 HIGH
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
CVE-2017-13133	1 Imagemagick	1 Imagemagick	2025-04-20	7.1 HIGH	6.5 MEDIUM
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
CVE-2017-15217	2 Canonical, Imagemagick	2 Ubuntu Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-11640	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CVE-2017-17886	2 Canonical, Imagemagick	2 Ubuntu Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
CVE-2017-8347	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2014-9842	4 Canonical, Imagemagick, Opensuse and 1 more	9 Ubuntu Linux, Imagemagick, Opensuse and 6 more	2025-04-20	5.0 MEDIUM	7.5 HIGH
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2016-10252	1 Imagemagick	1 Imagemagick	2025-04-20	7.8 HIGH	7.5 HIGH
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
CVE-2017-11529	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-11448	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVE-2015-8898	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	5.5 MEDIUM
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVE-2017-14172	3 Canonical, Debian, Imagemagick	3 Ubuntu Linux, Debian Linux, Imagemagick	2025-04-20	7.1 HIGH	6.5 MEDIUM
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVE-2017-11446	1 Imagemagick	1 Imagemagick	2025-04-20	7.1 HIGH	6.5 MEDIUM
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
CVE-2015-8902	1 Imagemagick	1 Imagemagick	2025-04-20	4.3 MEDIUM	6.5 MEDIUM
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.

Vulnerabilities (CVE)