Vulnerabilities > Imagemagick > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-19 | CVE-2017-11447 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | 4.3 |
| 2017-07-17 | CVE-2017-11360 | Excessive Iteration vulnerability in Imagemagick 7.0.61 The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | 4.3 |
| 2017-07-17 | CVE-2017-11352 | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | 4.3 |
| 2017-07-13 | CVE-2017-11310 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.61 The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. | 6.8 |
| 2017-07-11 | CVE-2017-11170 | Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick 7.0.56 The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | 6.8 |
| 2017-07-07 | CVE-2017-10995 | Out-of-bounds Read vulnerability in Imagemagick 7.0.60 The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. | 4.3 |
| 2017-07-05 | CVE-2017-10928 | Out-of-bounds Read vulnerability in Imagemagick 7.0.60 In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. | 6.8 |
| 2017-06-07 | CVE-2017-9501 | Reachable Assertion vulnerability in Imagemagick 7.0.57 In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | 4.3 |
| 2017-06-07 | CVE-2017-9500 | Reachable Assertion vulnerability in Imagemagick 7.0.58 In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | 4.3 |
| 2017-06-07 | CVE-2017-9499 | Reachable Assertion vulnerability in Imagemagick 7.0.57 In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | 4.3 |