Vulnerabilities > Imagemagick > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-13 | CVE-2016-6520 | Out-of-bounds Read vulnerability in Imagemagick Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | 6.4 |
2016-12-13 | CVE-2016-6491 | Out-of-bounds Read vulnerability in Imagemagick Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. | 6.8 |
2016-12-13 | CVE-2016-5842 | Out-of-bounds Read vulnerability in multiple products MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | 5.0 |
2016-06-04 | CVE-2016-4563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 6.8 |
2016-06-04 | CVE-2016-4562 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 6.8 |
2016-05-05 | CVE-2016-3718 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. | 5.5 |
2016-05-05 | CVE-2016-3717 | Information Exposure vulnerability in multiple products The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | 5.5 |
2016-05-05 | CVE-2016-3715 | The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | 5.5 |
2013-09-10 | CVE-2013-4298 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. | 4.3 |
2012-08-07 | CVE-2012-3437 | Denial of Service vulnerability in Imagemagick 6.7.86 The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. network imagemagick | 4.3 |