U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): imagemagick
  • Search Type: Search All
  • CPE Name Search: false
There are 665 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2017-15016

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

Published: October 04, 2017; 9:29:05 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-15015

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

Published: October 04, 2017; 9:29:05 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14989

A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.

Published: October 02, 2017; 9:29:02 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14741

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.

Published: September 25, 2017; 10:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14739

The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.

Published: September 25, 2017; 10:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-14684

In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.

Published: September 21, 2017; 9:29:25 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2017-14682

GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.

Published: September 21, 2017; 7:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14650

A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.

Published: September 21, 2017; 1:29:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-14626

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.

Published: September 21, 2017; 1:29:01 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14625

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.

Published: September 21, 2017; 1:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14624

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.

Published: September 21, 2017; 1:29:00 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14607

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

Published: September 20, 2017; 1:29:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2017-14533

ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.

Published: September 17, 2017; 9:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14532

ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

Published: September 17, 2017; 9:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-14531

ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.

Published: September 17, 2017; 9:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2017-14528

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.

Published: September 17, 2017; 8:29:00 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14505

DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.

Published: September 17, 2017; 3:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14400

In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.

Published: September 12, 2017; 5:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14343

ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.

Published: September 12, 2017; 1:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-14342

ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

Published: September 12, 2017; 1:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM