Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:imagemagick:imagemagick:5.3
There are 150 matching records.
Displaying matches 141 through 150.
Vuln ID Summary CVSS Severity
CVE-2012-1186

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

Published: June 05, 2012; 6:55:09 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-1185

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

Published: June 05, 2012; 6:55:09 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2012-0260

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Published: June 05, 2012; 6:55:07 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2012-0259

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

Published: June 05, 2012; 6:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0248

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Published: June 05, 2012; 6:55:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Published: June 05, 2012; 6:55:06 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4167

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.

Published: November 22, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Published: March 24, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-3744

Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

Published: August 24, 2006; 9:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2005-0397

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

Published: May 02, 2005; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH