Filtered by vendor Imagemagick
Subscriptions
Filtered by product Imagemagick
Subscriptions
Total
645 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41817 | 1 Imagemagick | 1 Imagemagick | 2024-10-10 | 7 High |
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. | ||||
CVE-2021-40211 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-10-03 | 7.5 High |
An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. | ||||
CVE-2017-9409 | 1 Imagemagick | 1 Imagemagick | 2024-09-17 | N/A |
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
CVE-2017-11478 | 1 Imagemagick | 1 Imagemagick | 2024-09-17 | N/A |
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. | ||||
CVE-2017-12675 | 1 Imagemagick | 1 Imagemagick | 2024-09-17 | N/A |
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service. | ||||
CVE-2018-16329 | 1 Imagemagick | 1 Imagemagick | 2024-09-17 | N/A |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | ||||
CVE-2017-9407 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
CVE-2017-17883 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. | ||||
CVE-2017-11166 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-09-16 | N/A |
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. | ||||
CVE-2018-17967 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-09-16 | N/A |
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. | ||||
CVE-2017-11522 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | ||||
CVE-2018-11624 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | ||||
CVE-2017-9405 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
CVE-2018-16328 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-09-16 | N/A |
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | ||||
CVE-2017-18272 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. | ||||
CVE-2016-3714 | 6 Canonical, Debian, Imagemagick and 3 more | 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more | 2024-09-11 | 8.4 High |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
CVE-2023-5341 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-08-20 | 6.2 Medium |
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | ||||
CVE-2023-3745 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-08-20 | 5.5 Medium |
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. | ||||
CVE-2023-3428 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2024-08-20 | 6.2 Medium |
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | ||||
CVE-2003-0555 | 1 Imagemagick | 1 Imagemagick | 2024-08-08 | N/A |
ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability. |