Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Imagemagick
(Imagemagick)| Repositories |
• https://github.com/ImageMagick/ImageMagick
• https://github.com/ImageMagick/ImageMagick6 |
| #Vulnerabilities | 645 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-02 | CVE-2016-10060 | The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | Imagemagick | 6.5 | ||
| 2017-03-01 | CVE-2016-9559 | coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. | Debian_linux, Imagemagick | 6.5 | ||
| 2019-11-11 | CVE-2019-18853 | ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. | Imagemagick | 6.5 | ||
| 2018-01-02 | CVE-2017-1000445 | ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service | Ubuntu_linux, Debian_linux, Imagemagick | 6.5 | ||
| 2017-12-11 | CVE-2017-17504 | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | Ubuntu_linux, Debian_linux, Imagemagick | 6.5 | ||
| 2019-02-05 | CVE-2019-7398 | In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. | Ubuntu_linux, Debian_linux, Imagemagick, Leap | 7.5 | ||
| 2019-02-05 | CVE-2019-7397 | In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. | Ubuntu_linux, Debian_linux, Graphicsmagick, Imagemagick, Leap | 7.5 | ||
| 2016-12-13 | CVE-2016-5842 | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | Imagemagick, Solaris | 7.5 | ||
| 2017-02-15 | CVE-2016-8866 | The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. | Imagemagick, Leap, Opensuse | 8.8 | ||
| 2017-01-18 | CVE-2016-7799 | MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | Debian_linux, Imagemagick | 6.5 |