Vulnerabilities > Imagemagick > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-13 CVE-2016-6520 Out-of-bounds Read vulnerability in Imagemagick
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
network
low complexity
imagemagick CWE-125
6.4
2016-12-13 CVE-2016-6491 Out-of-bounds Read vulnerability in Imagemagick
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
6.8
2016-12-13 CVE-2016-5842 Out-of-bounds Read vulnerability in multiple products
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
network
low complexity
imagemagick oracle CWE-125
5.0
2016-06-04 CVE-2016-4563 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
6.8
2016-06-04 CVE-2016-4562 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
6.8
2016-05-05 CVE-2016-3718 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
5.5
2016-05-05 CVE-2016-3717 Information Exposure vulnerability in multiple products
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
local
low complexity
canonical redhat imagemagick CWE-200
5.5
2016-05-05 CVE-2016-3715 The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. 5.5
2013-09-10 CVE-2013-4298 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
4.3
2012-08-07 CVE-2012-3437 Denial of Service vulnerability in Imagemagick 6.7.86
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
network
imagemagick
4.3