Imagemagick

imagemagick

Vendor: Imagemagick • 739 CVEs

CVEs (739)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27773 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsig...Show more A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27772 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. Th...Show more A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27776 2Imagemagick Redhat 2Enterprise Linux Imagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned...Show more A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27775 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned c...Show more A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27774 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_...Show more A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27771 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of Get...Show more In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27770 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input fi...Show more Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.Show less
CVE-2020-27767 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` a...Show more A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27766 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigne...Show more A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.Show less
CVE-2020-27765 3Debian ImagemagickRedhat 3Debian Linux Enterprise LinuxImagemagick Nov 21, 2024 Dec 4, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most like...Show more A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.Show less
CVE-2020-27764 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 3, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is p...Show more In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.Show less
CVE-2020-27763 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 3, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likel...Show more A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.Show less
CVE-2020-27762 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 3, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. T...Show more A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.Show less
CVE-2020-27761 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 3, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was p...Show more WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.Show less
CVE-2020-27760 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 3, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to appli...Show more In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.Show less
CVE-2020-27759 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Dec 3, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a cr...Show more In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.Show less
CVE-2020-19667 2Debian Imagemagick 2Debian Linux Imagemagick Nov 21, 2024 Nov 20, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVE-2020-27560 3Debian ImagemagickOpensuse 3Debian Linux ImagemagickLeap Nov 21, 2024 Oct 22, 2020 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVE-2020-13902 1Imagemagick 1Imagemagick Nov 21, 2024 Jun 7, 2020 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVE-2020-10251 1Imagemagick 1Imagemagick Nov 21, 2024 Mar 10, 2020 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the i...Show more In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.Show less

Previous 1...8910...37 Next