Imagemagick

imagemagick

Vendor: Imagemagick • 739 CVEs

CVEs (739)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-12691 2Canonical Imagemagick 2Imagemagick Ubuntu Linux May 13, 2026 Sep 1, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-14060 2Canonical Imagemagick 2Imagemagick Ubuntu Linux May 13, 2026 Aug 31, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function w...Show more In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.Show less
CVE-2017-13769 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Aug 30, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
CVE-2017-13768 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Aug 30, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
CVE-2017-13758 1Imagemagick 1Imagemagick May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVE-2017-12875 1Imagemagick 1Imagemagick May 13, 2026 Aug 29, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVE-2017-12877 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Aug 28, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVE-2017-12876 1Imagemagick 1Imagemagick May 13, 2026 Aug 28, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVE-2017-13658 1Imagemagick 1Imagemagick May 13, 2026 Aug 24, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImag...Show more In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.Show less
CVE-2017-13146 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
CVE-2017-13145 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
CVE-2017-13144 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
CVE-2017-13143 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVE-2017-13142 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
CVE-2017-13141 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
CVE-2017-13140 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width...Show more In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.Show less
CVE-2017-13139 3Canonical DebianImagemagick 3Debian Linux ImagemagickUbuntu Linux May 13, 2026 Aug 23, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2017-13134 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-13133 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
CVE-2017-13132 1Imagemagick 1Imagemagick May 13, 2026 Aug 23, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (asserti...Show more In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.Show less

Previous 1...192021...37 Next