U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 148 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2021-20312

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20311

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20310

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-20309

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Published: May 11, 2021; 7:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2020-27829

A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

Published: March 26, 2021; 1:15:11 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-20246

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Published: March 09, 2021; 2:15:12 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2021-20245

A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Published: March 09, 2021; 2:15:12 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2021-20244

A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Published: March 09, 2021; 2:15:12 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2021-20243

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

Published: March 09, 2021; 1:15:15 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27768

In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: February 22, 2021; 11:15:13 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2021-20176

A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.

Published: February 05, 2021; 7:15:12 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27758

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

Published: December 08, 2020; 5:15:18 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27757

A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.

Published: December 08, 2020; 5:15:18 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27756

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: December 08, 2020; 5:15:18 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27755

in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: December 08, 2020; 5:15:18 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27753

There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: December 08, 2020; 5:15:18 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-27752

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: December 08, 2020; 5:15:18 PM -0500
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-27751

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: December 08, 2020; 5:15:17 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0: 4.3 MEDIUM
CVE-2020-27750

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

Published: December 08, 2020; 5:15:17 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-25676

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Published: December 08, 2020; 5:15:17 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 4.3 MEDIUM