Vulnerabilities (CVE)

Filtered by vendor Imagemagick Subscribe
Filtered by product Imagemagick
Total 645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27765 3 Debian, Imagemagick, Redhat 3 Debian Linux, Imagemagick, Enterprise Linux 2023-12-10 4.3 MEDIUM 3.3 LOW
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVE-2020-25663 1 Imagemagick 1 Imagemagick 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVE-2020-27762 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
CVE-2021-20241 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVE-2020-13902 1 Imagemagick 1 Imagemagick 2023-12-10 5.8 MEDIUM 7.1 HIGH
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVE-2020-10251 1 Imagemagick 1 Imagemagick 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
CVE-2019-19952 1 Imagemagick 1 Imagemagick 2023-12-10 7.5 HIGH 9.8 CRITICAL
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
CVE-2019-16711 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVE-2019-17540 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-12-10 6.8 MEDIUM 8.8 HIGH
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVE-2016-7523 1 Imagemagick 1 Imagemagick 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2019-16708 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVE-2016-7524 1 Imagemagick 1 Imagemagick 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2019-16709 3 Canonical, Imagemagick, Opensuse 4 Ubuntu Linux, Imagemagick, Backports and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVE-2019-17541 1 Imagemagick 1 Imagemagick 2023-12-10 6.8 MEDIUM 8.8 HIGH
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
CVE-2019-17547 1 Imagemagick 1 Imagemagick 2023-12-10 6.8 MEDIUM 8.8 HIGH
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2014-2030 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Opensuse 2023-12-10 6.8 MEDIUM 8.8 HIGH
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CVE-2019-16712 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVE-2014-8561 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
imagemagick 6.8.9.6 has remote DOS via infinite loop
CVE-2014-1958 3 Canonical, Imagemagick, Opensuse 3 Ubuntu Linux, Imagemagick, Opensuse 2023-12-10 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
CVE-2019-16710 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.