Imagemagick

imagemagick

740 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (740)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-6491 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and cra...Show more Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.Show less
CVE-2016-5842 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVE-2016-5841 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variabl...Show more Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.Show less
CVE-2016-5691 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVE-2016-5690 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table...Show more The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.Show less
CVE-2016-5689 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVE-2016-5688 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trig...Show more The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.Show less
CVE-2016-5687 2Imagemagick Oracle 2Imagemagick Solaris May 6, 2026 Dec 13, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVE-2016-5118 7Canonical DebianGraphicsmagick+4 more 14Debian Linux GraphicsmagickImagemagick+11 more May 6, 2026 Jun 10, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename.
CVE-2016-4564 1Imagemagick 1Imagemagick May 6, 2026 Jun 4, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of...Show more The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2016-4563 1Imagemagick 1Imagemagick May 6, 2026 Jun 4, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attacker...Show more The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2016-4562 1Imagemagick 1Imagemagick May 6, 2026 Jun 4, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service...Show more The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.Show less
CVE-2016-3718 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2016-3717 3Canonical ImagemagickRedhat 10Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+7 more May 6, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-3716 3Canonical ImagemagickRedhat 10Enterprise Linux Desktop Enterprise Linux Hpc NodeEnterprise Linux Hpc Node Eus+7 more May 6, 2026 May 5, 2016 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVE-2016-3715 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 5.8 MEDIUM· v2 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVE-2016-3714 5Canonical DebianImagemagick+2 more 6Debian Linux ImagemagickLeap+3 more Apr 21, 2026 May 5, 2016 N/A· v4 8.4 HIGH· v3 10.0 HIGH· v2 The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharact...Show more The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."Show less
CVE-2013-4298 1Imagemagick 1Imagemagick Apr 29, 2026 Sep 10, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
CVE-2012-3437 1Imagemagick 1Imagemagick Apr 29, 2026 Aug 7, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a...Show more The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.Show less
CVE-2012-1798 4Debian ImagemagickOpensuse+1 more 10Debian Linux Enterprise Linux DesktopEnterprise Linux Eus+7 more Apr 29, 2026 Jun 5, 2012 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

Previous 1...33 343536 37 Next