Search Results (Refine Search)
- CPE Product Version: cpe:/a:imagemagick:imagemagick:7.0.9-2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-20310 |
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Published: May 11, 2021; 7:15:08 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2021-20309 |
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. Published: May 11, 2021; 7:15:08 PM -0400 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2020-27829 |
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. Published: March 26, 2021; 1:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-20246 |
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 2:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2021-20245 |
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 2:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2021-20244 |
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 2:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2021-20243 |
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 1:15:15 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2021-20176 |
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. Published: February 05, 2021; 7:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-29599 |
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. Published: December 07, 2020; 3:15:12 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-27767 |
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Published: December 04, 2020; 10:15:10 AM -0500 |
V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2019-19952 |
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Published: December 23, 2019; 8:15:11 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |