Cristy

204 exploits Active since Dec 2016
CVE-2022-1115 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-44 - Heap Buffer Overflow in PushShortPixel Function via TIFF Image Processing
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS 5.5
CVE-2022-1115 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-44 - Heap Buffer Overflow in PushShortPixel Function via TIFF Image Processing
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS 5.5
CVE-2022-28463 WRITEUP HIGH WRITEUP
ImageMagick 7.1.0-27 - Buffer Overflow
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS 7.8
CVE-2022-28463 WRITEUP HIGH WRITEUP
ImageMagick 7.1.0-27 - Buffer Overflow
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS 7.8
CVE-2022-32545 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.12-43 - Integer Overflow in PSD Coder
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVSS 7.8
CVE-2022-32546 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.12-44 - Integer Overflow in PCL Coder
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVSS 7.8
CVE-2022-32547 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.12-45 - Denial of Service via Misaligned Address Load in Property Handling
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVSS 7.8
CVE-2022-3213 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-62 - Denial of Service via Malformed TIFF File
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVSS 5.5
CVE-2022-3213 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-62 - Denial of Service via Malformed TIFF File
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVSS 5.5
CVE-2023-1289 WRITEUP MEDIUM WRITEUP
ImageMagick < 7.1.1-0 - Denial of Service via Crafted SVG File
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
CVSS 5.5
CVE-2023-1906 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-84 - Denial of Service via Heap-based Buffer Overflow in ImportMultiSpectralQuantum
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-1906 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-84 - Denial of Service via Heap-based Buffer Overflow in ImportMultiSpectralQuantum
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-3195 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-26 - Stack-based Buffer Overflow in TIFF Coder
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-3195 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.12-26 - Stack-based Buffer Overflow in TIFF Coder
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-34474 WRITEUP MEDIUM WRITEUP
ImageMagick < 7.1.1-10 - Heap-based Buffer Overflow in ReadTIM2ImageData
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-34475 WRITEUP MEDIUM WRITEUP
ImageMagick < 7.1.1-10 - Use-After-Free in ReplaceXmpValue Function
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-3745 WRITEUP MEDIUM WRITEUP
ImageMagick 6.0-6.9-11-0 - Denial of Service via Heap-Based Buffer Overflow in PushCharPixel
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-3745 WRITEUP MEDIUM WRITEUP
ImageMagick 6.0-6.9-11-0 - Denial of Service via Heap-Based Buffer Overflow in PushCharPixel
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVSS 5.5
CVE-2023-5341 WRITEUP MEDIUM WRITEUP
ImageMagick < 7.1.2 - Use-After-Free in BMP Coder
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVSS 6.2
CVE-2025-46393 WRITEUP LOW WRITEUP
ImageMagick <7.1.1-44 - Buffer Overflow
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled (related to the rendering of all channels in an arbitrary order).
CVSS 2.9
CVE-2025-53101 WRITEUP HIGH WRITEUP
ImageMagick <7.1.2-0, <6.9.13-26 - Buffer Overflow
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
CVSS 7.4
CVE-2025-55212 WRITEUP LOW WRITEUP
ImageMagick <6.9.13-28, <7.1.2-2 - DoS
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS 3.7
CVE-2025-55298 WRITEUP HIGH WRITEUP
ImageMagick <6.9.13-28 & <7.1.2 - RCE
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS 7.5
CVE-2025-57803 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.13-28 - Integer Overflow in BMP Encoder
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
CVSS 7.5
CVE-2025-57807 WRITEUP LOW WRITEUP
ImageMagick < 6.9.13-29 - Heap-Based Buffer Overflow via SeekBlob and WriteBlob Functions
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
CVSS 3.8