Vulnerabilities > Imagemagick > Imagemagick > 7.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-08 | CVE-2020-27752 | Heap-based Buffer Overflow vulnerability in Imagemagick A flaw was found in ImageMagick in MagickCore/quantum-private.h. | 7.1 |
2020-12-08 | CVE-2020-27751 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in ImageMagick in MagickCore/quantum-export.c. | 3.3 |
2020-12-08 | CVE-2020-25676 | Integer Overflow or Wraparound vulnerability in multiple products In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. | 5.5 |
2020-12-08 | CVE-2020-25675 | Integer Overflow or Wraparound vulnerability in multiple products In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. | 3.3 |
2020-12-08 | CVE-2020-25667 | Heap-based Buffer Overflow vulnerability in Imagemagick TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. | 5.5 |
2020-12-08 | CVE-2020-25666 | Integer Overflow or Wraparound vulnerability in multiple products There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. | 3.3 |
2020-12-07 | CVE-2020-29599 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. | 7.8 |
2020-12-04 | CVE-2020-27774 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in ImageMagick in MagickCore/statistic.c. | 3.3 |
2020-12-04 | CVE-2020-27767 | Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in ImageMagick in MagickCore/quantum.h. | 3.3 |
2020-12-03 | CVE-2020-27761 | Integer Overflow or Wraparound vulnerability in multiple products WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. | 3.3 |