) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:imagemagick:imagemagick:6.9.12-63:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-20244 |
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 2:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 7.1 HIGH |
| CVE-2021-20243 |
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Published: March 09, 2021; 1:15:15 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2020-27768 |
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. Published: February 22, 2021; 11:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
| CVE-2020-25663 |
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0. Published: December 08, 2020; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-17547 |
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Published: October 13, 2019; 10:15:11 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2019-13136 |
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Published: July 01, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-16329 |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. Published: September 01, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-16328 |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. Published: September 01, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2014-9831 |
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. Published: August 07, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2014-9830 |
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. Published: August 07, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2014-9828 |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. Published: August 07, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2014-9827 |
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. Published: August 07, 2017; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-11447 |
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. Published: July 19, 2017; 3:29:00 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2014-9907 |
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. Published: April 19, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-5511 |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. Published: March 24, 2017; 11:59:01 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-5510 |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. Published: March 24, 2017; 11:59:01 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-5509 |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. Published: March 24, 2017; 11:59:01 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-5506 |
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. Published: March 24, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-10146 |
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Published: March 24, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
| CVE-2016-10145 |
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. Published: March 24, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |