Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
imagemagick imagemagick vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-5239
The gnuplot delegate functionality in ImageMagick prior to 6.9.4-0 and GraphicsMagick allows remote malicious users to execute arbitrary commands via unspecified vectors.
Imagemagick Imagemagick
9.8
CVSSv3
CVE-2016-5687
The VerticalFilter function in the DDS coder in ImageMagick prior to 6.9.4-3 and 7.x prior to 7.0.1-4 allows remote malicious users to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
Imagemagick Imagemagick 7.0.1-1
Imagemagick Imagemagick 7.0.1-3
Imagemagick Imagemagick 7.0.1-2
Imagemagick Imagemagick
Imagemagick Imagemagick 7.0.1-0
Oracle Solaris 11.3
9.8
CVSSv3
CVE-2016-5689
The DCM reader in ImageMagick prior to 6.9.4-5 and 7.x prior to 7.0.1-7 allows remote malicious users to have unspecified impact by leveraging lack of NULL pointer checks.
Oracle Solaris 11.3
Imagemagick Imagemagick 7.0.1-4
Imagemagick Imagemagick 7.0.1-1
Imagemagick Imagemagick 7.0.1-5
Imagemagick Imagemagick 7.0.1-3
Imagemagick Imagemagick 7.0.1-2
Imagemagick Imagemagick
Imagemagick Imagemagick 7.0.1-0
Imagemagick Imagemagick 7.0.1-6
9.8
CVSSv3
CVE-2016-5690
The ReadDCMImage function in DCM reader in ImageMagick prior to 6.9.4-5 and 7.x prior to 7.0.1-7 allows remote malicious users to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
Oracle Solaris 11.3
Imagemagick Imagemagick 7.0.1-4
Imagemagick Imagemagick 7.0.1-1
Imagemagick Imagemagick 7.0.1-5
Imagemagick Imagemagick 7.0.1-3
Imagemagick Imagemagick 7.0.1-2
Imagemagick Imagemagick
Imagemagick Imagemagick 7.0.1-0
Imagemagick Imagemagick 7.0.1-6
9.8
CVSSv3
CVE-2016-5691
The DCM reader in ImageMagick prior to 6.9.4-5 and 7.x prior to 7.0.1-7 allows remote malicious users to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
Oracle Solaris 11.3
Imagemagick Imagemagick 7.0.1-4
Imagemagick Imagemagick 7.0.1-1
Imagemagick Imagemagick 7.0.1-5
Imagemagick Imagemagick 7.0.1-3
Imagemagick Imagemagick 7.0.1-2
Imagemagick Imagemagick
Imagemagick Imagemagick 7.0.1-0
Imagemagick Imagemagick 7.0.1-6
9.8
CVSSv3
CVE-2016-4564
The DrawImage function in MagickCore/draw.c in ImageMagick prior to 6.9.4-0 and 7.x prior to 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote malicious users to cause a denial of service (buffer overflow and application crash) o...
Imagemagick Imagemagick 7.0.1-1
Imagemagick Imagemagick 7.0.1-0
Imagemagick Imagemagick 7.0.0-0
Imagemagick Imagemagick
9.1
CVSSv3
CVE-2019-19949
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
Imagemagick Imagemagick
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 20.04
9.1
CVSSv3
CVE-2016-6520
Buffer overflow in MagickCore/enhance.c in ImageMagick prior to 7.0.2-7 allows remote malicious users to have unspecified impact via vectors related to pixel cache morphology.
Imagemagick Imagemagick
8.8
CVSSv3
CVE-2022-2441
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, grante...
Orangelab Imagemagick Engine
1 Github repository
8.8
CVSSv3
CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can tri...
Orangelab Imagemagick Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »