Filtered by vendor Imagemagick
Subscriptions
Total
652 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3718 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2025-07-28 | 5.5 Medium |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | ||||
CVE-2016-3715 | 6 Canonical, Imagemagick, Opensuse and 3 more | 31 Ubuntu Linux, Imagemagick, Leap and 28 more | 2025-07-28 | 5.5 Medium |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | ||||
CVE-2016-3714 | 6 Canonical, Debian, Imagemagick and 3 more | 7 Ubuntu Linux, Debian Linux, Imagemagick and 4 more | 2025-07-28 | 8.4 High |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
CVE-2025-53101 | 1 Imagemagick | 1 Imagemagick | 2025-07-15 | 7.4 High |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
CVE-2025-53019 | 1 Imagemagick | 1 Imagemagick | 2025-07-15 | 3.7 Low |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
CVE-2025-53015 | 1 Imagemagick | 1 Imagemagick | 2025-07-15 | 7.5 High |
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue. | ||||
CVE-2025-53014 | 1 Imagemagick | 1 Imagemagick | 2025-07-15 | 3.7 Low |
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue. | ||||
CVE-2019-13454 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2025-07-11 | 6.5 Medium |
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. | ||||
CVE-2022-28463 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-06-26 | 7.8 High |
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | ||||
CVE-2025-46393 | 1 Imagemagick | 1 Imagemagick | 2025-04-29 | 2.9 Low |
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order). | ||||
CVE-2025-43965 | 1 Imagemagick | 1 Imagemagick | 2025-04-29 | 2.9 Low |
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. | ||||
CVE-2016-10052 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.8 High |
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||||
CVE-2014-9804 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.5 High |
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." | ||||
CVE-2016-10053 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.5 Medium |
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | ||||
CVE-2016-10051 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2025-04-20 | 7.8 High |
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||||
CVE-2016-10047 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | ||||
CVE-2014-9838 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | ||||
CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 9.8 Critical |
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | ||||
CVE-2016-10046 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | ||||
CVE-2016-10065 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2025-04-20 | N/A |
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |