Product:

Imagemagick

(Imagemagick)
Date Id Summary Products Score Patch Annotated
2021-09-13 CVE-2021-39212 ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few... Imagemagick 4.4
2019-09-23 CVE-2019-16708 ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Imagemagick 6.5
2019-09-23 CVE-2019-16709 ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Imagemagick 6.5
2019-09-23 CVE-2019-16710 ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Imagemagick 6.5
2019-09-23 CVE-2019-16711 ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Imagemagick 6.5
2019-09-23 CVE-2019-16712 ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Imagemagick 6.5
2019-09-23 CVE-2019-16713 ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Imagemagick 6.5
2021-06-25 CVE-2021-34183 ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. Imagemagick 7.5
2020-12-08 CVE-2020-27751 A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Imagemagick 3.3
2021-03-09 CVE-2021-20245 A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Fedora, Imagemagick, Enterprise_linux 5.5