Imagemagick

imagemagick

740 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (740)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-10063 1Imagemagick 1Imagemagick May 13, 2026 Mar 2, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
CVE-2016-10062 1Imagemagick 1Imagemagick May 13, 2026 Mar 2, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2016-10060 1Imagemagick 1Imagemagick May 13, 2026 Mar 2, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application cras...Show more The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.Show less
CVE-2016-9559 2Debian Imagemagick 2Debian Linux Imagemagick May 13, 2026 Mar 1, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2015-8903 1Imagemagick 1Imagemagick May 13, 2026 Feb 27, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
CVE-2015-8902 1Imagemagick 1Imagemagick May 13, 2026 Feb 27, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
CVE-2015-8901 1Imagemagick 1Imagemagick May 13, 2026 Feb 27, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
CVE-2015-8900 1Imagemagick 1Imagemagick May 13, 2026 Feb 27, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
CVE-2016-9773 1Imagemagick 1Imagemagick May 13, 2026 Feb 17, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE:...Show more Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.Show less
CVE-2016-8678 1Imagemagick 1Imagemagick May 13, 2026 Feb 15, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is...Show more The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."Show less
CVE-2016-8677 3Debian ImagemagickOpensuse 3Debian Linux ImagemagickOpensuse May 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
CVE-2016-8866 2Imagemagick Opensuse 3Imagemagick LeapOpensuse May 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: thi...Show more The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.Show less
CVE-2016-8862 2Debian Imagemagick 2Debian Linux Imagemagick May 13, 2026 Feb 15, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVE-2016-9298 1Imagemagick 1Imagemagick May 13, 2026 Jan 27, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVE-2016-7906 2Debian Imagemagick 2Debian Linux Imagemagick May 13, 2026 Jan 18, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVE-2016-7799 2Debian Imagemagick 2Debian Linux Imagemagick May 13, 2026 Jan 18, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7101 1Imagemagick 1Imagemagick May 13, 2026 Jan 18, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
CVE-2016-6823 1Imagemagick 1Imagemagick May 13, 2026 Jan 18, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVE-2016-8707 2Debian Imagemagick 2Debian Linux Imagemagick May 6, 2026 Dec 23, 2016 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be...Show more An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.Show less
CVE-2016-6520 1Imagemagick 1Imagemagick May 6, 2026 Dec 13, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

Previous 1...333435 36 37 Next