Vulnerabilities > Imagemagick > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-34152 OS Command Injection vulnerability in multiple products
A vulnerability was found in ImageMagick.
network
low complexity
imagemagick fedoraproject redhat CWE-78
critical
9.8
2019-12-24 CVE-2019-19952 Use After Free vulnerability in Imagemagick
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
network
low complexity
imagemagick CWE-416
critical
9.8
2019-12-24 CVE-2019-19949 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
network
low complexity
imagemagick debian opensuse canonical CWE-125
critical
9.1
2019-12-24 CVE-2019-19948 Out-of-bounds Write vulnerability in multiple products
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
network
low complexity
imagemagick debian opensuse canonical CWE-787
critical
9.8
2018-09-01 CVE-2018-16329 NULL Pointer Dereference vulnerability in Imagemagick
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
network
low complexity
imagemagick CWE-476
critical
9.8
2018-09-01 CVE-2018-16328 NULL Pointer Dereference vulnerability in Imagemagick
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
network
low complexity
imagemagick CWE-476
critical
9.8
2018-07-23 CVE-2018-14551 Use of Uninitialized Resource vulnerability in multiple products
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
network
low complexity
imagemagick canonical CWE-908
critical
9.8
2018-03-01 CVE-2017-18211 NULL Pointer Dereference vulnerability in multiple products
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
network
low complexity
imagemagick canonical CWE-476
critical
9.8
2018-03-01 CVE-2017-18210 NULL Pointer Dereference vulnerability in Imagemagick
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
network
low complexity
imagemagick CWE-476
critical
9.8
2017-12-11 CVE-2017-17499 Use After Free vulnerability in multiple products
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
network
low complexity
imagemagick canonical debian CWE-416
critical
9.8