Vulnerabilities > Imagemagick
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-05 | CVE-2017-15017 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | 8.8 |
| 2017-10-05 | CVE-2017-15016 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | 8.8 |
| 2017-10-05 | CVE-2017-15015 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | 8.8 |
| 2017-10-03 | CVE-2017-14989 | Use After Free vulnerability in Imagemagick 7.0.74 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | 6.5 |
| 2017-09-26 | CVE-2017-14741 | Infinite Loop vulnerability in Imagemagick 7.0.73 The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | 6.5 |
| 2017-09-26 | CVE-2017-14739 | NULL Pointer Dereference vulnerability in Imagemagick 7.0.74 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | 7.5 |
| 2017-09-22 | CVE-2017-14684 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.74 In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. | 6.5 |
| 2017-09-21 | CVE-2017-14682 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.6 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | 8.8 |
| 2017-09-21 | CVE-2017-14626 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | 9.8 |
| 2017-09-21 | CVE-2017-14625 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | 9.8 |