Imagemagick CVEs and Security Vulnerabilities

Filtered by vendor Imagemagick Subscriptions

Search

Switch to Advanced Search (Beta)

Total 706 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-11448	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVE-2016-7799	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	6.5 Medium
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7906	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	5.5 Medium
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVE-2016-8677	3 Debian, Imagemagick, Opensuse	3 Debian Linux, Imagemagick, Opensuse	2025-04-20	8.8 High
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
CVE-2016-8678	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
CVE-2016-8862	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	8.8 High
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVE-2016-9298	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVE-2016-9559	2 Debian, Imagemagick	2 Debian Linux, Imagemagick	2025-04-20	6.5 Medium
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVE-2016-9773	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVE-2014-9831	1 Imagemagick	1 Imagemagick	2025-04-20	8.8 High
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVE-2017-12434	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
CVE-2014-9833	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVE-2017-11310	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
CVE-2017-11352	3 Canonical, Debian, Imagemagick	3 Ubuntu Linux, Debian Linux, Imagemagick	2025-04-20	6.5 Medium
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
CVE-2017-11360	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
CVE-2017-11447	1 Imagemagick	1 Imagemagick	2025-04-20	6.5 Medium
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVE-2017-11449	1 Imagemagick	1 Imagemagick	2025-04-20	8.8 High
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVE-2017-11505	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
CVE-2017-11522	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2017-12587	1 Imagemagick	1 Imagemagick	2025-04-20	N/A
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.

« first previous Page 9 of 36. next last »