CVE-2017-11166

Published: 10/07/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows malicious users to cause a denial of service. (CVE-2017-1000476)

The ReadXWDImage function in coders/xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows malicious users to cause a denial of service. (CVE-2017-12805)

In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows malicious users to cause a denial of service. (CVE-2017-12806)

A memory leak vulnerability has been discovered in ImageMagick in the ReadPCDImage function of the coders/pcd.c file. An attacker could use this flaw to cause a denial of service via a crafted file. (CVE-2017-18251)

An issue exists in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows malicious users to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. (CVE-2017-18252)

A memory leak vulnerability has been discovered in ImageMagick in the WriteGIFImage function of the coders/gif.c file. An attacker could use this flaw to cause a denial of service via a crafted file. (CVE-2017-18254)

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows malicious users to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. (CVE-2017-18271)

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows malicious users to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. (CVE-2017-18273)

An infinite loop has been found in the way ImageMagick reads Multiple-image Network Graphics (MNG) data. An attacker could exploit this to cause a denial of service via a crafted MNG file. (CVE-2018-10177)

ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows malicious users to cause a denial of service via a crafted DCM image file. (CVE-2018-11656)

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow malicious users to cause an out-of-bounds write via a crafted file. (CVE-2018-12599)

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow malicious users to cause an out-of-bounds write via a crafted file. (CVE-2018-12600)

A memory leak exists in ImageMagick in the XMagickCommand function in the animate.c file. An array of strings, named filelist, is allocated on the heap but not released if the function ExpandFilenames returns an error code. (CVE-2018-13153)

ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)

ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

In ImageMagick prior to 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)

In ImageMagick 7.0.7-29 and previous versions, a missing NULL check in ReadOneJNGImage in coders/png.c allows a malicious user to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)

In ImageMagick 7.0.7-29 and previous versions, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick prior to 1.3.31. (CVE-2018-18544)

In coders/bmp.c in ImageMagick prior to 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)

WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote malicious users to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted TIFF file. (CVE-2018-9133)

An off-by-one read vulnerability exists in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)

In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows a malicious user to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)

The Cineon parsing component in ImageMagick 7.0.8-26 Q16 allows malicious users to cause a denial of service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. (CVE-2019-11470)

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows malicious users to cause a denial of service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows a malicious user to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows a malicious user to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote malicious users to cause a denial of service via a crafted image. (CVE-2019-12974)

ImageMagick does not properly release acquired memory when some error conditions occur in the WriteDPXImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a denial of service by using all available memory. (CVE-2019-12975)

ImageMagick does not properly release acquired memory when some error conditions occur in the ReadPCLImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a denial of service by using all available memory. (CVE-2019-12976)

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)

ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

ImageMagick prior to 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. (CVE-2019-13133)

ImageMagick prior to 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)

ImageMagick prior to 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)

A heap-based buffer over-read exists in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood, due to mishandling of a width of zero. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data. (CVE-2019-13295)

A heap-based buffer over-read exists in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood, due to mishandling of a height of zero. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data. (CVE-2019-13297)

A heap-based buffer overflow exists in ImageMagick in the way it applies a value with arithmetic, relational, or logical operators to an image, due to mishandling columns. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. (CVE-2019-13300)

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. (CVE-2019-13301)

A stack-based buffer overflow exists in ImageMagick in the way it writes PNM images, due to a misplaced assignment. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. (CVE-2019-13304)

A stack-based buffer overflow exists in ImageMagick in the way it writes PNM images, due to a misplaced strncpy and off-by-one errors. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. (CVE-2019-13305)

A stack-based buffer overflow exists in ImageMagick in the way it writes PNM images, due to off-by-one errors. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. (CVE-2019-13306)

A heap-based buffer overflow exists in ImageMagick in the way it parses images when using the evaluate-sequence option. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. (CVE-2019-13307)

A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to the mishandling of the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. ImageMagick does not properly release acquired memory in the function MogrifyImageList() when some error conditions are met, or the "compare" option is used. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a denial of service by using all available memory. (CVE-2019-13309)

A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to an error found in MagickWand/mogrify.c. ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a denial of service by using all available memory. (CVE-2019-13310)

A flaw was found in ImageMagick, containing memory leaks of AcquireMagickMemory due to a wand/mogrify.c error. ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). An attacker could abuse this flaw by providing a specially crafted image and cause a denial of service by using all available memory. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. (CVE-2019-13311)

ImageMagick 7.0.8-54 Q16 allows division by zero in RemoveDuplicateLayers in MagickCore/layer.c. (CVE-2019-13454)

In ImageMagick 7.x prior to 7.0.8-42 and 6.x prior to 6.9.10-42, there is a use-after-free vulnerability in the UnmapBlob function that allows a malicious user to cause a denial of service by sending a crafted file. (CVE-2019-14980)

In ImageMagick 7.x prior to 7.0.8-41 and 6.x prior to 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows a malicious user to cause a denial of service by sending a crafted file. (CVE-2019-14981)

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows malicious users to cause a denial of service (application crash resulting from an out-of-bounds read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)

coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote malicious users to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows malicious users to cause a denial of service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. (CVE-2019-15141)

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)

ImageMagick prior to 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. (CVE-2019-17540)

ImageMagick prior to 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

A heap-based buffer overflow flaw exists in ImageMagick when writing SGI images with improper columns and rows properties. An attacker may trick a victim user into downloading a malicious image file and running it through ImageMagick, possibly executing code on the victim user's system. (CVE-2019-19948)

An out-of-bounds read exists in ImageMagick when writing PNG images. An attacker may abuse this flaw to trick a victim user into downloading a malicious image file and running it through ImageMagick, causing the application to crash. (CVE-2019-19949)

In ImageMagick prior to 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

In ImageMagick prior to 7.0.8-25 and GraphicsMagick up to and including 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)

In ImageMagick prior to 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows a malicious user to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)

Vulnerable Product

imagemagick imagemagick 7.0.5-6

Vendor Advisories

Synopsis: Moderate: ImageMagick security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for ImageMagick, autotrace, emacs, and inkscape is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Mod ...
Debian Bug report logs - #868264: CVE-2017-11141 memory exhaustion in ReadMATImage. Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 12 Jul 2017 21:57:02 UTC; Severity: importa ...
Debian Bug report logs - #868263: CVE-2017-11166 memory exhaustion in ReadXWDImage. Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 12 Jul 2017 21:57:02 UTC; Severity: importa ...
Debian Bug report logs - #868184: CVE-2017-11170 memory exhaustion in ReadTGAImage. Package: src:imagemagick; Maintainer for src:imagemagick is ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 12 Jul 2017 21:57:02 UTC; Severity: importa ...
In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476) The ReadXWDImage function in coders/xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of colo ...
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-18254) An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to caus ...
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. (CVE-2016-5841) In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, ...