CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Imagemagick » Imagemagick : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2014-9825 119 Overflow 2017-03-30 2017-04-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
102 CVE-2014-9824 119 Overflow 2017-03-30 2017-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
103 CVE-2014-9823 119 Overflow 2017-03-30 2017-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
104 CVE-2014-9822 119 Overflow 2017-03-30 2017-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
105 CVE-2014-9821 119 Overflow 2017-03-30 2017-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
106 CVE-2014-9820 119 Overflow 2017-03-30 2017-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
107 CVE-2014-9819 119 Overflow 2017-03-30 2017-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
108 CVE-2014-9817 119 Overflow 2017-03-30 2017-04-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
109 CVE-2014-2030 787 DoS Exec Code Overflow 2020-02-06 2020-02-11
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
110 CVE-2014-1958 120 Exec Code Overflow 2020-02-06 2020-02-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
111 CVE-2014-1947 787 DoS Exec Code Overflow 2020-02-17 2020-02-21
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
112 CVE-2012-1185 190 DoS Exec Code Overflow Mem. Corr. 2012-06-05 2020-07-31
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
113 CVE-2012-0247 20 DoS Exec Code Mem. Corr. 2012-06-05 2020-07-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
114 CVE-2010-4167 +Priv 2010-11-22 2018-01-06
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
115 CVE-2008-1097 399 DoS Exec Code Overflow Mem. Corr. 2008-03-05 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
116 CVE-2008-1096 119 DoS Exec Code Overflow 2008-03-05 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
117 CVE-2007-4988 119 Exec Code Overflow 2007-09-24 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
118 CVE-2007-4986 189 Exec Code Overflow 2007-09-24 2018-10-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.
119 CVE-2007-1797 189 Exec Code Overflow 2007-04-02 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Total number of vulnerabilities : 119   Page : 1 2 3 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.