Vulnerabilities > Imagemagick > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-04 | CVE-2017-14137 | Resource Exhaustion vulnerability in Imagemagick 7.0.65 ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | 5.0 |
| 2017-08-31 | CVE-2017-14060 | NULL Pointer Dereference vulnerability in multiple products In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. | 4.3 |
| 2017-08-30 | CVE-2017-13769 | Out-of-bounds Read vulnerability in multiple products The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | 4.3 |
| 2017-08-30 | CVE-2017-13768 | NULL Pointer Dereference vulnerability in multiple products Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | 4.3 |
| 2017-08-29 | CVE-2017-13758 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 7.0.610 In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | 4.3 |
| 2017-08-28 | CVE-2017-12877 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 4.3 |
| 2017-08-28 | CVE-2017-12876 | Out-of-bounds Write vulnerability in Imagemagick Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 4.3 |
| 2017-08-24 | CVE-2017-13658 | Reachable Assertion vulnerability in Imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | 4.3 |
| 2017-08-23 | CVE-2017-13146 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. | 6.8 |
| 2017-08-23 | CVE-2017-13145 | Improper Input Validation vulnerability in Imagemagick In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | 4.3 |