Total
642 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13902 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | |||||
CVE-2019-19948 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | |||||
CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | |||||
CVE-2019-17547 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. | |||||
CVE-2014-1958 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. | |||||
CVE-2019-19949 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | |||||
CVE-2019-16709 | 3 Canonical, Imagemagick, Opensuse | 4 Ubuntu Linux, Imagemagick, Backports and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. | |||||
CVE-2019-17541 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | |||||
CVE-2019-19952 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. | |||||
CVE-2019-16712 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. | |||||
CVE-2019-17540 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | |||||
CVE-2014-1947 | 2 Imagemagick, Suse | 4 Imagemagick, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. | |||||
CVE-2014-8561 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
imagemagick 6.8.9.6 has remote DOS via infinite loop | |||||
CVE-2019-16711 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | |||||
CVE-2016-7523 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
CVE-2016-7524 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
CVE-2019-16713 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | |||||
CVE-2020-10251 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. | |||||
CVE-2019-16708 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | |||||
CVE-2019-18853 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. |