Total
644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9556 | 3 Debian, Imagemagick, Opensuse Project | 3 Debian Linux, Imagemagick, Leap | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | |||||
| CVE-2014-9915 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. | |||||
| CVE-2016-10046 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | |||||
| CVE-2016-10048 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2017-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | |||||
| CVE-2016-10047 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 7.1 HIGH | 5.5 MEDIUM |
| Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | |||||
| CVE-2014-9840 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||||
| CVE-2014-9839 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 5.0 MEDIUM | 7.5 HIGH |
| magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | |||||
| CVE-2014-9838 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2014-9836 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | |||||
| CVE-2014-9835 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | |||||
| CVE-2014-9834 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. | |||||
| CVE-2014-9833 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. | |||||
| CVE-2014-9832 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 6.8 MEDIUM | 7.8 HIGH |
| Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. | |||||
| CVE-2015-8894 | 1 Imagemagick | 1 Imagemagick | 2017-03-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | |||||
| CVE-2016-10067 | 1 Imagemagick | 1 Imagemagick | 2017-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | |||||
| CVE-2016-10069 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2017-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | |||||
| CVE-2016-8678 | 1 Imagemagick | 1 Imagemagick | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." | |||||
| CVE-2016-5841 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. | |||||
| CVE-2003-0555 | 1 Imagemagick | 1 Imagemagick | 2016-10-18 | 7.5 HIGH | N/A |
| ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability. | |||||
| CVE-2016-4564 | 1 Imagemagick | 1 Imagemagick | 2016-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||