Product:

Imagemagick

(Imagemagick)
Date Id Summary Products Score Patch Annotated
2023-03-23 CVE-2023-1289 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote... Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 5.5
2023-05-30 CVE-2023-34151 A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). Extra_packages_for_enterprise_linux, Fedora, Imagemagick, Enterprise_linux 5.5
2023-11-19 CVE-2023-5341 A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Extra_packages_for_enterprise_linux, Fedora, Imagemagick 5.5
2007-09-24 CVE-2007-4988 Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. Ubuntu_linux, Imagemagick 7.8
2023-08-22 CVE-2022-48541 A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Imagemagick 7.5
2023-08-08 CVE-2023-39978 ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Fedora, Imagemagick 3.3
2012-06-05 CVE-2012-1185 Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Ubuntu_linux, Debian_linux, Imagemagick, Opensuse 7.8
2012-06-05 CVE-2012-1186 Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. Ubuntu_linux, Debian_linux, Imagemagick, Opensuse 5.5
2016-12-13 CVE-2016-5687 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. Imagemagick, Solaris 9.8
2016-12-13 CVE-2016-5688 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. Imagemagick, Solaris 8.1