Vulnerabilities > Imagemagick
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-04 | CVE-2016-4564 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 7.5 |
| 2016-06-04 | CVE-2016-4563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 6.8 |
| 2016-06-04 | CVE-2016-4562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 6.8 |
| 2016-05-05 | CVE-2016-3718 | Improper Input Validation vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | 6.3 |
| 2016-05-05 | CVE-2016-3717 | Information Exposure vulnerability in multiple products The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | 5.5 |
| 2016-05-05 | CVE-2016-3716 | Permissions, Privileges, and Access Controls vulnerability in multiple products The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | 3.3 |
| 2016-05-05 | CVE-2016-3715 | Improper Access Control vulnerability in multiple products The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | 5.5 |
| 2016-05-05 | CVE-2016-3714 | Improper Input Validation vulnerability in multiple products The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | 8.4 |
| 2013-09-10 | CVE-2013-4298 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. | 4.3 |
| 2012-08-07 | CVE-2012-3437 | Denial of Service vulnerability in Imagemagick 6.7.86 The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. network imagemagick | 4.3 |