Vulnerabilities > Imagemagick > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-19 | CVE-2017-11449 | Unspecified vulnerability in Imagemagick coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | 8.8 |
| 2017-07-13 | CVE-2017-11310 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.61 The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. | 8.8 |
| 2017-07-12 | CVE-2017-11188 | Excessive Iteration vulnerability in Imagemagick 7.0.60 The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. | 7.5 |
| 2017-07-11 | CVE-2017-11170 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | 8.8 |
| 2017-07-05 | CVE-2017-10928 | Out-of-bounds Read vulnerability in Imagemagick 7.0.60 In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. | 8.8 |
| 2017-05-19 | CVE-2017-9098 | Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. | 7.5 |
| 2017-04-10 | CVE-2017-7619 | Infinite Loop vulnerability in Imagemagick 7.0.49 In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. | 7.5 |
| 2017-03-30 | CVE-2014-9825 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. | 7.8 |
| 2017-03-30 | CVE-2014-9824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. | 7.8 |
| 2017-03-30 | CVE-2014-9823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. | 7.8 |