Filtered by vendor Imagemagick Subscriptions
Filtered by product Imagemagick Subscriptions
Total 645 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-25665 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-11-21 5.5 Medium
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVE-2020-25664 2 Fedoraproject, Imagemagick 2 Fedora, Imagemagick 2024-11-21 6.1 Medium
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
CVE-2020-25663 1 Imagemagick 1 Imagemagick 2024-11-21 5.5 Medium
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVE-2020-19667 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2024-11-21 7.8 High
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVE-2020-13902 1 Imagemagick 1 Imagemagick 2024-11-21 7.1 High
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVE-2020-10251 1 Imagemagick 1 Imagemagick 2024-11-21 5.5 Medium
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
CVE-2019-9956 3 Debian, Imagemagick, Redhat 3 Debian Linux, Imagemagick, Enterprise Linux 2024-11-21 N/A
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
CVE-2019-7398 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 7.5 High
In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
CVE-2019-7397 6 Canonical, Debian, Graphicsmagick and 3 more 6 Ubuntu Linux, Debian Linux, Graphicsmagick and 3 more 2024-11-21 7.5 High
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVE-2019-7396 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2024-11-21 7.5 High
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVE-2019-7395 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2024-11-21 7.5 High
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
CVE-2019-7175 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 7.5 High
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVE-2019-19952 1 Imagemagick 1 Imagemagick 2024-11-21 9.8 Critical
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
CVE-2019-19949 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 9.1 Critical
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVE-2019-19948 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 9.8 Critical
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVE-2019-18853 1 Imagemagick 1 Imagemagick 2024-11-21 6.5 Medium
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVE-2019-17547 1 Imagemagick 1 Imagemagick 2024-11-21 8.8 High
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-17541 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2024-11-21 8.8 High
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
CVE-2019-17540 3 Debian, Imagemagick, Redhat 3 Debian Linux, Imagemagick, Enterprise Linux 2024-11-21 8.8 High
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVE-2019-16713 5 Canonical, Debian, Imagemagick and 2 more 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more 2024-11-21 6.5 Medium
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.