Skip to main content

Imagemagick

694 CVEs product

Monthly

CVE-2020-27771 LOW POC Monitor

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow Imagemagick Enterprise Linux +1
NVD
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-27770 MEDIUM POC This Month

Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-27767 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27766 HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-27765 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/segment.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-27764 LOW PATCH Monitor

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27763 LOW PATCH Monitor

A flaw was found in ImageMagick in MagickCore/resize.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2020-27762 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-27761 LOW PATCH Monitor

WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27760 MEDIUM PATCH This Month

In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-27759 LOW PATCH Monitor

In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-19667 HIGH POC This Week

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-27560 LOW PATCH Monitor

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Leap
NVD GitHub
CVSS 3.1
3.3
EPSS
1.5%
CVE-2020-13902 HIGH This Week

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-10251 MEDIUM POC This Month

In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-19952 CRITICAL POC Act Now

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-19949 CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2019-19948 CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-18853 MEDIUM PATCH This Month

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-17547 HIGH PATCH This Week

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-17541 HIGH POC PATCH This Week

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-17540 HIGH PATCH This Week

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-16713 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16712 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.6%
CVE-2019-16711 MEDIUM POC This Month

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16710 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16709 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Backports Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-16708 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-15141 MEDIUM POC PATCH This Month

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-15140 HIGH POC PATCH This Week

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
4.1%
CVE-2019-15139 MEDIUM POC PATCH This Month

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.5%
CVE-2019-14981 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-14980 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-13454 MEDIUM POC PATCH This Month

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
4.4%
CVE-2019-13391 HIGH POC PATCH This Week

In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2019-13311 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Debian Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-13310 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-13309 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-13308 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2019-13307 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13306 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13305 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13304 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2019-13303 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-13302 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-13301 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-13300 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-13299 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2019-13298 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2019-13297 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-13296 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-13295 HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Leap +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-13137 MEDIUM POC PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-13136 HIGH POC PATCH This Week

ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-13135 HIGH PATCH This Week

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Big Ip Application Acceleration Manager +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-13134 MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-13133 MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-12979 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
2.4%
CVE-2019-12978 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-12977 HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
7.8
EPSS
1.9%
CVE-2019-12976 MEDIUM POC This Month

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
2.4%
CVE-2019-12975 MEDIUM PATCH This Month

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
2.3%
CVE-2019-12974 MEDIUM PATCH This Month

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
5.5
EPSS
2.3%
CVE-2019-10131 HIGH PATCH This Week

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Imagemagick Enterprise Linux Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
1.3%
CVE-2019-11598 HIGH POC This Week

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.1
EPSS
4.1%
CVE-2019-11597 HIGH POC This Week

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.1
EPSS
3.7%
CVE-2019-11472 MEDIUM POC PATCH This Month

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.4%
CVE-2019-11470 MEDIUM POC PATCH This Month

The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.6%
CVE-2019-10714 MEDIUM POC PATCH This Month

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-10650 HIGH POC This Week

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
4.1%
CVE-2019-10649 MEDIUM POC This Month

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-9956 HIGH POC This Week

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Imagemagick +1
NVD GitHub
CVSS 3.0
8.8
EPSS
5.9%
CVE-2019-7175 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2019-7398 HIGH POC This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-7397 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Graphicsmagick Leap Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-7396 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-7395 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2018-20467 MEDIUM POC PATCH This Month

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-18544 MEDIUM POC This Month

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphicsmagick Imagemagick Leap
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-18025 MEDIUM POC This Month

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-18024 MEDIUM POC This Month

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
3.0%
CVE-2018-18023 MEDIUM POC This Month

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-18016 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-17967 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-17966 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-17965 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-16750 MEDIUM POC This Month

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-16749 MEDIUM POC PATCH This Month

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.3%
CVE-2018-16645 MEDIUM PATCH This Month

There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-16644 MEDIUM PATCH This Month

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.6%
EPSS 1% CVSS 3.3
LOW POC Monitor

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/segment.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux +1
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow +2
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

A flaw was found in ImageMagick in MagickCore/resize.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Red Hat Integer Overflow +2
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Imagemagick +1
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.1
HIGH This Week

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Imagemagick
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Backports +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Imagemagick +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Imagemagick
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Imagemagick Debian Linux +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Leap
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC This Month

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Imagemagick Enterprise Linux +3
NVD GitHub
EPSS 4% CVSS 8.1
HIGH POC This Week

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 4% CVSS 8.1
HIGH POC This Week

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick
NVD GitHub
EPSS 4% CVSS 8.1
HIGH POC This Week

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC This Month

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Debian Linux +1
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Graphicsmagick +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Leap +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphicsmagick Imagemagick +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Imagemagick +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick Ubuntu Linux +1
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Imagemagick +2
NVD GitHub
Prev Page 3 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy