Cristy

175 exploits Active since Dec 2016
CVE-2019-13454 WRITEUP MEDIUM WRITEUP
Imagemagick < 7.0.8-54 - Divide By Zero
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVSS 6.5
CVE-2019-14980 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.10-42 - Use After Free
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
CVSS 6.5
CVE-2019-14980 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.10-42 - Use After Free
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
CVSS 6.5
CVE-2019-14981 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.10-41 - Divide By Zero
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
CVSS 6.5
CVE-2019-14981 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.10-41 - Divide By Zero
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
CVSS 6.5
CVE-2019-15139 WRITEUP MEDIUM WRITEUP
Imagemagick - Out-of-Bounds Read
The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
CVSS 6.5
CVE-2019-15140 WRITEUP HIGH WRITEUP
Imagemagick - Use After Free
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
CVSS 8.8
CVE-2019-15141 WRITEUP MEDIUM WRITEUP
Imagemagick - Out-of-Bounds Read
WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
CVSS 6.5
CVE-2019-17541 WRITEUP HIGH WRITEUP
Imagemagick < 6.9.10-55 - Use After Free
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
CVSS 8.8
CVE-2019-17547 WRITEUP HIGH WRITEUP
Imagemagick < 7.0.8-62 - Use After Free
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVSS 8.8
CVE-2019-18853 WRITEUP MEDIUM WRITEUP
ImageMagick <7.0.9-0 - DoS
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVSS 6.5
CVE-2019-7175 WRITEUP HIGH WRITEUP
ImageMagick <7.0.8-25 - Memory Corruption
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVSS 7.5
CVE-2019-7395 WRITEUP HIGH WRITEUP
ImageMagick <7.0.8-25 - Memory Corruption
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
CVSS 7.5
CVE-2019-7396 WRITEUP HIGH WRITEUP
ImageMagick <7.0.8-25 - Memory Corruption
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVSS 7.5
CVE-2019-7397 WRITEUP HIGH WRITEUP
ImageMagick <7.0.8-25 - Memory Corruption
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVSS 7.5
CVE-2020-27764 WRITEUP LOW WRITEUP
Imagemagick < 6.9.10-69 - Integer Overflow
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.
CVSS 3.3
CVE-2020-27829 WRITEUP MEDIUM WRITEUP
Imagemagick < 7.0.10-45 - Heap Buffer Overflow
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.
CVSS 5.5
CVE-2021-20224 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.11-57 - Integer Overflow
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.
CVSS 5.5
CVE-2021-3574 WRITEUP LOW WRITEUP
ImageMagick-7.0.11-5 - Memory Corruption
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVSS 3.3
CVE-2021-3574 WRITEUP LOW WRITEUP
ImageMagick-7.0.11-5 - Memory Corruption
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVSS 3.3
CVE-2022-0284 WRITEUP HIGH WRITEUP
ImageMagick - Buffer Overflow
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVSS 7.1
CVE-2022-1115 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.12-44 - Out-of-Bounds Write
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS 5.5
CVE-2022-1115 WRITEUP MEDIUM WRITEUP
Imagemagick < 6.9.12-44 - Out-of-Bounds Write
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS 5.5
CVE-2022-28463 WRITEUP HIGH WRITEUP
ImageMagick 7.1.0-27 - Buffer Overflow
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS 7.8
CVE-2022-28463 WRITEUP HIGH WRITEUP
ImageMagick 7.1.0-27 - Buffer Overflow
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS 7.8