Filtered by vendor Imagemagick Subscriptions
Filtered by product Imagemagick Subscriptions
Total 645 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-41817 1 Imagemagick 1 Imagemagick 2024-10-10 7 High
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
CVE-2021-40211 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-10-03 7.5 High
An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
CVE-2017-9409 1 Imagemagick 1 Imagemagick 2024-09-17 N/A
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-11478 1 Imagemagick 1 Imagemagick 2024-09-17 N/A
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
CVE-2017-12675 1 Imagemagick 1 Imagemagick 2024-09-17 N/A
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
CVE-2018-16329 1 Imagemagick 1 Imagemagick 2024-09-17 N/A
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2017-9407 1 Imagemagick 1 Imagemagick 2024-09-16 N/A
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-17883 1 Imagemagick 1 Imagemagick 2024-09-16 N/A
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
CVE-2017-11166 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-09-16 N/A
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.
CVE-2018-17967 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-09-16 N/A
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
CVE-2017-11522 1 Imagemagick 1 Imagemagick 2024-09-16 N/A
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2018-11624 1 Imagemagick 1 Imagemagick 2024-09-16 N/A
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
CVE-2017-9405 1 Imagemagick 1 Imagemagick 2024-09-16 N/A
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2018-16328 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-09-16 N/A
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2017-18272 1 Imagemagick 1 Imagemagick 2024-09-16 N/A
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
CVE-2016-3714 6 Canonical, Debian, Imagemagick and 3 more 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more 2024-09-11 8.4 High
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVE-2023-5341 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-08-20 6.2 Medium
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVE-2023-3745 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-08-20 5.5 Medium
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVE-2023-3428 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2024-08-20 6.2 Medium
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVE-2003-0555 1 Imagemagick 1 Imagemagick 2024-08-08 N/A
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.