Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-05	CVE-2017-15016	NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. network imagemagick canonical CWE-476	6.8
2017-10-05	CVE-2017-15015	NULL Pointer Dereference vulnerability in multiple products ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. network imagemagick canonical CWE-476	6.8
2017-10-03	CVE-2017-14989	Use After Free vulnerability in Imagemagick 7.0.74 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. network imagemagick CWE-416	4.3
2017-09-26	CVE-2017-14741	Infinite Loop vulnerability in Imagemagick 7.0.73 The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. network imagemagick CWE-835	4.3
2017-09-26	CVE-2017-14739	NULL Pointer Dereference vulnerability in Imagemagick 7.0.74 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. network low complexity imagemagick CWE-476	5.0
2017-09-21	CVE-2017-14682	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.6 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. network imagemagick CWE-119	6.8
2017-09-20	CVE-2017-14607	Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. network imagemagick canonical debian CWE-125	5.8
2017-09-18	CVE-2017-14533	Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. network imagemagick canonical CWE-772	4.3
2017-09-18	CVE-2017-14528	Use After Free vulnerability in multiple products The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. network imagemagick debian CWE-416	4.3
2017-09-17	CVE-2017-14505	NULL Pointer Dereference vulnerability in Imagemagick 7.0.71 DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. network imagemagick CWE-476	4.3