U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): imagemagick
  • Search Type: Search All
  • CPE Name Search: false
There are 649 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2018-16640

ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.

Published: September 06, 2018; 6:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-16413

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.

Published: September 03, 2018; 3:29:01 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-16412

ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.

Published: September 03, 2018; 3:29:01 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-16329

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.

Published: September 01, 2018; 6:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-16328

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.

Published: September 01, 2018; 6:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-16323

ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

Published: September 01, 2018; 2:29:01 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-15607

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Published: August 21, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2018-14551

The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

Published: July 23, 2018; 4:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-14437

ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.

Published: July 19, 2018; 8:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14436

ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.

Published: July 19, 2018; 8:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14435

ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.

Published: July 19, 2018; 8:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14434

ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.

Published: July 19, 2018; 8:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-13153

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

Published: July 04, 2018; 10:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-12600

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

Published: June 20, 2018; 2:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-12599

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

Published: June 20, 2018; 2:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-11656

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.

Published: June 01, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-11655

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

Published: June 01, 2018; 11:29:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-10571

bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: May 31, 2018; 4:29:02 PM -0400
V3.0: 8.1 HIGH
V2.0: 9.3 HIGH
CVE-2018-11625

In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.

Published: May 31, 2018; 12:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-11624

In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.

Published: May 31, 2018; 12:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM