Total
645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9133 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file. | |||||
| CVE-2018-8960 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | |||||
| CVE-2018-8804 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-19 | 6.8 MEDIUM | 8.8 HIGH |
| WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-7443 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). | |||||
| CVE-2018-18024 | 1 Imagemagick | 1 Imagemagick | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. | |||||
| CVE-2018-10177 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. | |||||
| CVE-2017-18252 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. | |||||
| CVE-2017-17681 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2020-08-19 | 7.1 HIGH | 6.5 MEDIUM |
| In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | |||||
| CVE-2012-1610 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. | |||||
| CVE-2015-8902 | 1 Imagemagick | 1 Imagemagick | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | |||||
| CVE-2015-8901 | 1 Imagemagick | 1 Imagemagick | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | |||||
| CVE-2015-8903 | 1 Imagemagick | 1 Imagemagick | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | |||||
| CVE-2012-1798 | 4 Debian, Imagemagick, Opensuse and 1 more | 10 Debian Linux, Imagemagick, Opensuse and 7 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | |||||
| CVE-2012-0259 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. | |||||
| CVE-2012-0260 | 5 Canonical, Debian, Imagemagick and 2 more | 11 Ubuntu Linux, Debian Linux, Imagemagick and 8 more | 2020-07-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. | |||||
| CVE-2012-0248 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2020-07-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | |||||
| CVE-2012-0247 | 4 Canonical, Debian, Imagemagick and 1 more | 10 Ubuntu Linux, Debian Linux, Imagemagick and 7 more | 2020-07-31 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | |||||
| CVE-2015-8900 | 1 Imagemagick | 1 Imagemagick | 2020-07-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file. | |||||
| CVE-2019-15140 | 1 Imagemagick | 1 Imagemagick | 2020-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. | |||||
| CVE-2020-13902 | 1 Imagemagick | 1 Imagemagick | 2020-06-10 | 5.8 MEDIUM | 7.1 HIGH |
| ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | |||||