Vulnerabilities > Imagemagick > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-16 CVE-2018-10177 Infinite Loop vulnerability in multiple products
In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file.
network
low complexity
imagemagick canonical CWE-835
6.5
6.5
2018-03-30 CVE-2018-9133 Excessive Iteration vulnerability in multiple products
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file.
network
low complexity
imagemagick canonical CWE-834
6.5
6.5
2018-03-27 CVE-2017-18254 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in ImageMagick 7.0.7.
network
low complexity
imagemagick canonical CWE-772
6.5
6.5
2018-03-27 CVE-2017-18253 NULL Pointer Dereference vulnerability in Imagemagick 7.0.7
An issue was discovered in ImageMagick 7.0.7.
network
low complexity
imagemagick CWE-476
6.5
6.5
2018-03-27 CVE-2017-18252 Reachable Assertion vulnerability in multiple products
An issue was discovered in ImageMagick 7.0.7.
network
low complexity
imagemagick canonical CWE-617
6.5
6.5
2018-03-27 CVE-2017-18251 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
An issue was discovered in ImageMagick 7.0.7.
network
low complexity
imagemagick canonical CWE-772
6.5
6.5
2018-03-27 CVE-2017-18250 NULL Pointer Dereference vulnerability in Imagemagick 7.0.70
An issue was discovered in ImageMagick 7.0.7.
network
low complexity
imagemagick CWE-476
6.5
6.5
2018-02-25 CVE-2018-7470 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.722
An issue was discovered in ImageMagick 7.0.7-22 Q16.
network
low complexity
imagemagick CWE-119
6.5
6.5
2018-02-23 CVE-2018-7443 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
network
low complexity
imagemagick debian canonical CWE-770
6.5
6.5
2018-02-13 CVE-2018-6930 Out-of-bounds Read vulnerability in Imagemagick 7.0.722
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.
network
low complexity
imagemagick CWE-125
6.5
6.5