Vulnerabilities (CVE)

Filtered by vendor Imagemagick Subscribe
Total 643 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7525 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7524 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7523 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7522 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7521 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7520 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
CVE-2016-7517 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
CVE-2016-7515 1 Imagemagick 1 Imagemagick 2024-07-03 4.3 MEDIUM 6.5 MEDIUM
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
CVE-2017-5509 1 Imagemagick 1 Imagemagick 2024-06-27 6.8 MEDIUM 7.8 HIGH
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2017-5510 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-06-27 6.8 MEDIUM 7.8 HIGH
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVE-2017-5511 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-06-27 7.5 HIGH 9.8 CRITICAL
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVE-2022-48541 2 Fedoraproject, Imagemagick 2 Fedora, Imagemagick 2024-03-20 N/A 7.1 HIGH
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
CVE-2023-5341 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-02-22 N/A 5.5 MEDIUM
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-34151 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-02-22 N/A 5.5 MEDIUM
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
CVE-2023-1289 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-02-22 N/A 5.5 MEDIUM
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
CVE-2023-39978 2 Fedoraproject, Imagemagick 2 Fedora, Imagemagick 2024-02-05 N/A 3.3 LOW
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
CVE-2023-3745 1 Imagemagick 1 Imagemagick 2024-02-05 N/A 5.5 MEDIUM
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVE-2023-34475 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2024-02-04 N/A 5.5 MEDIUM
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
CVE-2023-34152 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-02-04 N/A 9.8 CRITICAL
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
CVE-2023-1906 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2024-02-04 N/A 5.5 MEDIUM
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.