Vulnerabilities > Imagemagick

DATE CVE VULNERABILITY TITLE RISK
2017-01-18 CVE-2016-7906 Use After Free vulnerability in multiple products
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
local
low complexity
imagemagick debian CWE-416
5.5
2017-01-18 CVE-2016-7799 Out-of-bounds Read vulnerability in multiple products
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
network
low complexity
imagemagick debian CWE-125
6.5
2017-01-18 CVE-2016-7101 Out-of-bounds Read vulnerability in ImageMagick
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
network
low complexity
imagemagick CWE-125
6.5
2017-01-18 CVE-2016-6823 Integer Overflow or Wraparound vulnerability in ImageMagick
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
network
low complexity
imagemagick CWE-190
7.5
2016-12-23 CVE-2016-8707 Out-of-bounds Write vulnerability in multiple products
An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility.
local
low complexity
imagemagick debian CWE-787
7.8
2016-12-13 CVE-2016-6520 Out-of-bounds Read vulnerability in ImageMagick
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
network
low complexity
imagemagick CWE-125
critical
9.1
2016-12-13 CVE-2016-6491 Out-of-bounds Read vulnerability in multiple products
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
network
low complexity
imagemagick oracle CWE-125
8.8
2016-12-13 CVE-2016-5842 Out-of-bounds Read vulnerability in multiple products
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
network
low complexity
imagemagick oracle CWE-125
7.5
2016-12-13 CVE-2016-5841 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
network
low complexity
imagemagick oracle CWE-190
critical
9.8
2016-12-13 CVE-2016-5691 Improper Input Validation vulnerability in multiple products
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
network
low complexity
oracle imagemagick CWE-20
critical
9.8