Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:imagemagick:imagemagick:7.0.1-4
There are 126 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2017-11352

In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.

Published: July 17, 2017; 9:18:21 AM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-9098

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Published: May 19, 2017; 3:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-5508

Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.

Published: March 24, 2017; 11:59:01 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-5507

Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.

Published: March 24, 2017; 11:59:01 AM -0400
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2015-8896

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

Published: March 15, 2017; 3:59:00 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8895

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.

Published: March 15, 2017; 3:59:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-8894

Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.

Published: March 15, 2017; 3:59:00 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10061

The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.

Published: March 03, 2017; 12:59:00 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10060

The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.

Published: March 02, 2017; 4:59:00 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-9559

coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.

Published: March 01, 2017; 10:59:00 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8900

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

Published: February 27, 2017; 5:59:00 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-8677

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.

Published: February 15, 2017; 4:59:00 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-8866

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

Published: February 15, 2017; 2:59:01 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-8862

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.

Published: February 15, 2017; 2:59:00 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-9298

Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.

Published: January 27, 2017; 5:59:01 PM -0500
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7799

MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.

Published: January 18, 2017; 12:59:00 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7101

The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.

Published: January 18, 2017; 12:59:00 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-6823

Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.

Published: January 18, 2017; 12:59:00 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-6520

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

Published: December 13, 2016; 10:59:10 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2016-6491

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.

Published: December 13, 2016; 10:59:09 AM -0500
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM