Vulnerabilities > Imagemagick > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17880 | Out-of-bounds Read vulnerability in Imagemagick 7.0.716 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | 8.8 |
| 2017-12-27 | CVE-2017-17879 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | 8.8 |
| 2017-11-05 | CVE-2017-16546 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | 8.8 |
| 2017-10-12 | CVE-2017-15281 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | 8.8 |
| 2017-10-05 | CVE-2017-15033 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | 7.5 |
| 2017-10-05 | CVE-2017-15017 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | 8.8 |
| 2017-10-05 | CVE-2017-15016 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | 8.8 |
| 2017-10-05 | CVE-2017-15015 | NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | 8.8 |
| 2017-09-26 | CVE-2017-14739 | NULL Pointer Dereference vulnerability in Imagemagick 7.0.74 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | 7.5 |
| 2017-09-21 | CVE-2017-14682 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.6 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | 8.8 |