Vulnerabilities (CVE)

Filtered by vendor Imagemagick Subscribe
Total 628 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3715 3 Canonical, Imagemagick, Redhat 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more 2023-02-02 5.8 MEDIUM 5.5 MEDIUM
It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files.
CVE-2016-3717 3 Canonical, Imagemagick, Redhat 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more 2023-02-02 7.1 HIGH 5.5 MEDIUM
It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files.
CVE-2016-3716 3 Canonical, Imagemagick, Redhat 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more 2023-02-02 4.3 MEDIUM 3.3 LOW
It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files.
CVE-2016-3714 5 Canonical, Debian, Imagemagick and 2 more 6 Ubuntu Linux, Debian Linux, Imagemagick and 3 more 2023-02-02 10.0 HIGH 8.4 HIGH
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application.
CVE-2016-3718 3 Canonical, Imagemagick, Redhat 10 Ubuntu Linux, Imagemagick, Enterprise Linux Desktop and 7 more 2023-02-02 4.3 MEDIUM 6.3 MEDIUM
A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images.
CVE-2022-32547 3 Fedoraproject, Imagemagick, Redhat 3 Fedora, Imagemagick, Enterprise Linux 2023-01-24 6.8 MEDIUM 7.8 HIGH
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVE-2016-8707 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2022-12-13 6.8 MEDIUM 7.8 HIGH
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
CVE-2020-27751 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2022-11-16 4.3 MEDIUM 3.3 LOW
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVE-2019-19948 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2022-10-31 7.5 HIGH 9.8 CRITICAL
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-19949 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2022-10-31 6.4 MEDIUM 9.1 CRITICAL
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVE-2021-20313 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2022-10-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-3574 2 Fedoraproject, Imagemagick 2 Fedora, Imagemagick 2022-09-29 N/A 3.3 LOW
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVE-2022-3213 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2022-09-21 N/A 5.5 MEDIUM
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVE-2022-1115 1 Imagemagick 1 Imagemagick 2022-09-06 N/A 5.5 MEDIUM
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVE-2022-0284 1 Imagemagick 1 Imagemagick 2022-09-01 N/A 7.1 HIGH
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVE-2021-20224 1 Imagemagick 1 Imagemagick 2022-08-29 N/A 5.5 MEDIUM
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
CVE-2022-2719 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2022-08-16 N/A 5.5 MEDIUM
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVE-2021-39212 1 Imagemagick 1 Imagemagick 2022-08-05 3.6 LOW 3.6 LOW
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
CVE-2021-3596 4 Debian, Fedoraproject, Imagemagick and 1 more 4 Debian Linux, Fedora, Imagemagick and 1 more 2022-07-01 4.3 MEDIUM 6.5 MEDIUM
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
CVE-2022-32546 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2022-06-30 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.