Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:imagemagick:imagemagick:7.0.8-26:q16:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-27761 |
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. Published: December 03, 2020; 12:15:12 PM -0500 |
V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27760 |
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Published: December 03, 2020; 12:15:12 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-27759 |
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. Published: December 03, 2020; 12:15:12 PM -0500 |
V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2019-19949 |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Published: December 23, 2019; 8:15:11 PM -0500 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2019-18853 |
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. Published: November 11, 2019; 10:15:12 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-17547 |
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Published: October 13, 2019; 10:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-17541 |
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. Published: October 13, 2019; 10:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-17540 |
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Published: October 13, 2019; 10:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-14981 |
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. Published: August 12, 2019; 7:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14980 |
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. Published: August 12, 2019; 7:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13137 |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Published: July 01, 2019; 4:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13136 |
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Published: July 01, 2019; 4:15:11 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-13135 |
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. Published: July 01, 2019; 4:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-13134 |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Published: July 01, 2019; 4:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13133 |
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Published: July 01, 2019; 4:15:11 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-11470 |
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. Published: April 23, 2019; 10:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2019-10714 |
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. Published: April 02, 2019; 5:29:00 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-9831 |
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. Published: August 07, 2017; 4:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-9830 |
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. Published: August 07, 2017; 4:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-9828 |
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. Published: August 07, 2017; 4:29:00 PM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |