Vulnerabilities > Imagemagick > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-15 | CVE-2016-8866 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | 8.8 |
2017-02-15 | CVE-2016-8862 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | 8.8 |
2017-01-18 | CVE-2016-6823 | Integer Overflow or Wraparound vulnerability in Imagemagick. Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. | 7.5 |
2016-12-23 | CVE-2016-8707 | Out-of-bounds Write vulnerability in multiple products. An exploitable out-of-bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. | 7.8 |
2016-12-13 | CVE-2016-6491 | Out-of-bounds Read vulnerability in multiple products. Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | 8.8 |
2016-12-13 | CVE-2016-5842 | Out-of-bounds Read vulnerability in multiple products. MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | 7.5 |
2016-12-13 | CVE-2016-5688 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. | 8.1 |
2016-06-04 | CVE-2016-4563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick. The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
2016-06-04 | CVE-2016-4562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick. The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 8.8 |
2016-05-05 | CVE-2016-3714 | Improper Input Validation vulnerability in multiple products. The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | 8.4 |