U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:imagemagick:imagemagick:7.0.6-4:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 109 matching records.
Displaying matches 101 through 109.
Vuln ID Summary CVSS Severity
CVE-2017-11753

The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.

Published: July 30, 2017; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-11752

The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.

Published: July 30, 2017; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-11751

The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.

Published: July 30, 2017; 1:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-11750

The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

Published: July 30, 2017; 1:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2014-9907

coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.

Published: April 19, 2017; 10:59:00 AM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-5506

Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

Published: March 24, 2017; 11:59:00 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-10146

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

Published: March 24, 2017; 11:59:00 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-10145

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

Published: March 24, 2017; 11:59:00 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-10144

coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.

Published: March 24, 2017; 11:59:00 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH