Vulnerabilities > Imagemagick

DATE CVE VULNERABILITY TITLE RISK
2020-12-08 CVE-2020-25663 Use After Free vulnerability in Imagemagick
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. 		4.3
4.3
2020-12-07 CVE-2020-29599 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files.
local
low complexity
imagemagick debian CWE-91
7.8
7.8
2020-12-04 CVE-2020-27773 Divide By Zero vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/gem-private.h.
local
low complexity
imagemagick redhat debian CWE-369
3.3
3.3
2020-12-04 CVE-2020-27772 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in coders/bmp.c.
local
low complexity
imagemagick redhat debian CWE-190
3.3
3.3
2020-12-04 CVE-2020-27776 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/statistic.c.
local
low complexity
imagemagick redhat CWE-190
3.3
3.3
2020-12-04 CVE-2020-27775 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/quantum.h.
local
low complexity
imagemagick redhat debian CWE-190
3.3
3.3
2020-12-04 CVE-2020-27774 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/statistic.c.
local
low complexity
imagemagick redhat debian CWE-190
3.3
3.3
2020-12-04 CVE-2020-27771 Integer Overflow or Wraparound vulnerability in multiple products
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type.
local
low complexity
imagemagick redhat debian CWE-190
3.3
3.3
2020-12-04 CVE-2020-27770 Integer Overflow or Wraparound vulnerability in multiple products
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability.
local
low complexity
imagemagick debian CWE-190
5.5
5.5
2020-12-04 CVE-2020-27767 Integer Overflow or Wraparound vulnerability in multiple products
A flaw was found in ImageMagick in MagickCore/quantum.h.
local
low complexity
imagemagick redhat debian CWE-190
3.3
3.3