Search Results (Refine Search)
- Keyword (text search): ImageMagick
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-27766 |
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. Published: December 04, 2020; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-27765 |
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Published: December 04, 2020; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27764 |
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. Published: December 03, 2020; 12:15:13 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27763 |
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Published: December 03, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27762 |
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Published: December 03, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-27761 |
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. Published: December 03, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-27760 |
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Published: December 03, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-27759 |
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. Published: December 03, 2020; 12:15:12 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-19667 |
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Published: November 20, 2020; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-27560 |
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Published: October 22, 2020; 10:15:13 AM -0400 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 4.3 MEDIUM |
CVE-2020-13902 |
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Published: June 07, 2020; 2:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2020-10251 |
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. Published: March 10, 2020; 12:15:11 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-1947 |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Published: February 17, 2020; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-2030 |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. Published: February 06, 2020; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2014-1958 |
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. Published: February 06, 2020; 10:15:10 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-7524 |
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Published: February 06, 2020; 9:15:10 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7523 |
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Published: February 06, 2020; 9:15:10 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19952 |
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Published: December 23, 2019; 8:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-19949 |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Published: December 23, 2019; 8:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2019-19948 |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Published: December 23, 2019; 8:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |