Vulnerabilities > Imagemagick > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-34152 OS Command Injection vulnerability in multiple products
A vulnerability was found in ImageMagick.
network
low complexity
imagemagick fedoraproject redhat CWE-78
critical
 9.8
9.8
2019-12-24 CVE-2019-19949 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
network
low complexity
imagemagick debian opensuse canonical CWE-125
critical
 9.1
9.1
2019-12-24 CVE-2019-19948 Out-of-bounds Write vulnerability in multiple products
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
network
low complexity
imagemagick debian opensuse canonical CWE-787
critical
 9.8
9.8
2017-03-24 CVE-2017-5511 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
network
low complexity
imagemagick debian CWE-119
critical
 9.8
9.8
2017-03-24 CVE-2016-10145 Numeric Errors vulnerability in Imagemagick
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
network
low complexity
imagemagick CWE-189
critical
 9.8
9.8
2017-03-24 CVE-2016-10144 Improper Access Control vulnerability in Imagemagick
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
network
low complexity
imagemagick CWE-284
critical
 9.8
9.8
2017-03-17 CVE-2014-9852 Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
network
low complexity
imagemagick suse opensuse CWE-913
critical
 9.8
9.8
2016-12-13 CVE-2016-5691 Improper Input Validation vulnerability in multiple products
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
network
low complexity
oracle imagemagick CWE-20
critical
 9.8
9.8
2016-12-13 CVE-2016-5690 NULL Pointer Dereference vulnerability in multiple products
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
network
low complexity
oracle imagemagick CWE-476
critical
 9.8
9.8
2016-12-13 CVE-2016-5689 NULL Pointer Dereference vulnerability in multiple products
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
network
low complexity
oracle imagemagick CWE-476
critical
 9.8
9.8