National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:imagemagick:imagemagick:6.2.0.4
There are 159 matching records.
Displaying matches 141 through 159.
Vuln ID Summary CVSS Severity
CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."

Published: May 05, 2016; 02:59:03 PM -04:00
V3.0: 8.4 HIGH
    V2: 10.0 HIGH
CVE-2013-4298

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.

Published: September 10, 2013; 03:55:11 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1798

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

Published: June 05, 2012; 06:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1610

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.

Published: June 05, 2012; 06:55:10 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1186

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

Published: June 05, 2012; 06:55:09 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-1185

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

Published: June 05, 2012; 06:55:09 PM -04:00
    V2: 9.3 HIGH
CVE-2012-0260

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Published: June 05, 2012; 06:55:07 PM -04:00
    V2: 5.0 MEDIUM
CVE-2012-0259

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

Published: June 05, 2012; 06:55:07 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0248

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Published: June 05, 2012; 06:55:07 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-0247

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Published: June 05, 2012; 06:55:06 PM -04:00
    V2: 9.3 HIGH
CVE-2010-4167

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.

Published: November 22, 2010; 03:00:03 PM -05:00
    V2: 6.9 MEDIUM
CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Published: March 24, 2007; 05:19:00 PM -04:00
    V2: 9.3 HIGH
CVE-2006-5868

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.

Published: November 21, 2006; 08:07:00 PM -05:00
    V2: 9.3 HIGH
CVE-2006-3743

Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.

Published: August 24, 2006; 09:04:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-3744

Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

Published: August 24, 2006; 09:04:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4144

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

Published: August 15, 2006; 07:04:00 PM -04:00
    V2: 2.6 LOW
CVE-2005-1739

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

Published: May 24, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-0005

Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

Published: May 02, 2005; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2005-1275

Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

Published: April 25, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM