Vulnerabilities > Imagemagick > Imagemagick > 6.9.10.56
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-12 | CVE-2023-1906 | Out-of-bounds Write vulnerability in multiple products A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. | 5.5 |
| 2023-03-23 | CVE-2023-1289 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. | 5.5 |
| 2020-12-08 | CVE-2020-27756 | Divide By Zero vulnerability in Imagemagick In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. | 5.5 |
| 2020-12-08 | CVE-2020-27752 | Heap-based Buffer Overflow vulnerability in Imagemagick A flaw was found in ImageMagick in MagickCore/quantum-private.h. | 7.1 |
| 2020-12-08 | CVE-2020-25674 | Heap-based Buffer Overflow vulnerability in multiple products WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. | 5.5 |
| 2020-12-08 | CVE-2020-25667 | Heap-based Buffer Overflow vulnerability in Imagemagick TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. | 5.5 |
| 2020-12-08 | CVE-2020-25665 | Out-of-bounds Read vulnerability in multiple products The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. | 5.5 |
| 2020-12-08 | CVE-2020-25664 | Heap-based Buffer Overflow vulnerability in multiple products In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. | 6.1 |
| 2020-12-04 | CVE-2020-27773 | Divide By Zero vulnerability in multiple products A flaw was found in ImageMagick in MagickCore/gem-private.h. | 3.3 |
| 2019-07-01 | CVE-2019-13136 | Integer Overflow or Wraparound vulnerability in Imagemagick ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. | 7.8 |