Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:imagemagick:imagemagick:7.1.0-3:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 14 matching records.
Displaying matches 1 through 14.
Vuln ID Summary CVSS Severity
CVE-2021-39212

ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.

Published: September 13, 2021; 2:15:23 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 3.6 LOW
CVE-2014-9831

coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.

Published: August 07, 2017; 4:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-9830

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.

Published: August 07, 2017; 4:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-9828

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.

Published: August 07, 2017; 4:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-9827

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

Published: August 07, 2017; 4:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-9907

coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.

Published: April 19, 2017; 10:59:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-5511

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.

Published: March 24, 2017; 11:59:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-5510

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Published: March 24, 2017; 11:59:01 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-5509

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Published: March 24, 2017; 11:59:01 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-5506

Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

Published: March 24, 2017; 11:59:00 AM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-10146

Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

Published: March 24, 2017; 11:59:00 AM -0400
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-10145

Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.

Published: March 24, 2017; 11:59:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-10144

coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.

Published: March 24, 2017; 11:59:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2007-1667

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

Published: March 24, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH