Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Imagemagick Subscribe
Total 645 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0981 4 Debian, Gentoo, Imagemagick and 1 more 4 Debian Linux, Linux, Imagemagick and 1 more 2017-10-11 10.0 HIGH N/A
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVE-2004-0827 9 Conectiva, Enlightenment, Imagemagick and 6 more 14 Linux, Imlib, Imlib2 and 11 more 2017-10-11 7.5 HIGH N/A
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVE-2004-0817 9 Conectiva, Enlightenment, Imagemagick and 6 more 16 Linux, Imlib, Imlib2 and 13 more 2017-10-11 7.5 HIGH N/A
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2008-1097 1 Imagemagick 2 Graphicsmagick, Imagemagick 2017-09-29 6.8 MEDIUM N/A
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
CVE-2008-1096 1 Imagemagick 2 Graphicsmagick, Imagemagick 2017-09-29 6.8 MEDIUM N/A
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
CVE-2012-3437 1 Imagemagick 1 Imagemagick 2017-08-29 4.3 MEDIUM N/A
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVE-2014-9830 1 Imagemagick 1 Imagemagick 2017-08-08 6.8 MEDIUM 8.8 HIGH
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
CVE-2014-9831 1 Imagemagick 1 Imagemagick 2017-08-08 6.8 MEDIUM 8.8 HIGH
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVE-2014-9827 1 Imagemagick 1 Imagemagick 2017-08-08 6.8 MEDIUM 8.8 HIGH
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVE-2014-9828 1 Imagemagick 1 Imagemagick 2017-08-08 6.8 MEDIUM 8.8 HIGH
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
CVE-2017-11753 1 Imagemagick 1 Imagemagick 2017-08-02 4.3 MEDIUM 6.5 MEDIUM
The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.
CVE-2017-11750 1 Imagemagick 1 Imagemagick 2017-08-02 4.3 MEDIUM 6.5 MEDIUM
The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2017-11530 1 Imagemagick 1 Imagemagick 2017-07-28 7.1 HIGH 6.5 MEDIUM
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-11527 1 Imagemagick 1 Imagemagick 2017-07-28 7.1 HIGH 6.5 MEDIUM
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-11526 1 Imagemagick 1 Imagemagick 2017-07-28 7.1 HIGH 6.5 MEDIUM
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
CVE-2016-7539 1 Imagemagick 1 Imagemagick 2017-07-27 7.8 HIGH 7.5 HIGH
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVE-2017-11522 1 Imagemagick 1 Imagemagick 2017-07-27 4.3 MEDIUM 6.5 MEDIUM
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2004-0802 9 Conectiva, Enlightenment, Imagemagick and 6 more 16 Linux, Imlib, Imlib2 and 13 more 2017-07-11 5.1 MEDIUM N/A
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVE-2016-9298 1 Imagemagick 1 Imagemagick 2017-07-01 4.3 MEDIUM 5.5 MEDIUM
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVE-2016-6491 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2017-07-01 6.8 MEDIUM 8.8 HIGH
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.