Writeup Exploits

62,844 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-16546 WRITEUP HIGH
ImageMagick - Denial of Service via Malformed WPG File Colormap Index
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVSS 8.8
CVE-2017-15281 WRITEUP HIGH
ImageMagick - Denial of Service in ReadPSDImage
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVSS 8.8
CVE-2017-15277 WRITEUP MEDIUM
GraphicsMagick 1.3.26 - Exposure of Sensitive Information via Uninitialized GIF Palette
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVSS 6.5
CVE-2017-15218 WRITEUP MEDIUM
ImageMagick 7.0.7-2 - Memory Leak in ReadOneJNGImage
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVSS 6.5
CVE-2017-15217 WRITEUP MEDIUM
ImageMagick 7.0.7-2 - Memory Leak in ReadSGIImage
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVSS 6.5
CVE-2017-15017 WRITEUP HIGH
ImageMagick 7.0.7-0 Q16 - NULL Pointer Dereference in ReadOneMNGImage
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVSS 8.8
CVE-2017-15016 WRITEUP HIGH
ImageMagick 7.0.7-0 Q16 - NULL Pointer Dereference in ReadEnhMetaFile
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVSS 8.8
CVE-2017-15015 WRITEUP HIGH
ImageMagick 7.0.7-0 Q16 - NULL Pointer Dereference in PDFDelegateMessage
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVSS 8.8
CVE-2017-14989 WRITEUP MEDIUM
ImageMagick 7.0.7-4 Q16 - Use-After-Free in RenderFreetype
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
CVSS 6.5
CVE-2017-14741 WRITEUP MEDIUM
ImageMagick 7.0.7-3 - Denial of Service via Crafted Font File
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
CVSS 6.5
CVE-2017-14739 WRITEUP HIGH
ImageMagick 7.0.7-4 - Denial of Service via NULL Pointer Dereference in AcquireResampleFilterThreadSet
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
CVSS 7.5
CVE-2017-14684 WRITEUP MEDIUM
ImageMagick 7.0.7-4 - Denial of Service via Memory Leak in ReadVIPSImage
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
CVSS 6.5
CVE-2017-14626 WRITEUP CRITICAL
ImageMagick 7.0.7-0 - Memory Corruption
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVSS 9.8
CVE-2017-14626 WRITEUP CRITICAL
ImageMagick 7.0.7-0 - Memory Corruption
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVSS 9.8
CVE-2017-14625 WRITEUP CRITICAL
ImageMagick 7.0.7-0 - Memory Corruption
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVSS 9.8
CVE-2017-14624 WRITEUP CRITICAL
ImageMagick 7.0.7-0 - Buffer Overflow
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVSS 9.8
CVE-2017-14607 WRITEUP HIGH
ImageMagick 7.0.7-4 - Info Disclosure
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS 8.1
CVE-2017-14533 WRITEUP MEDIUM
ImageMagick 7.0.6-6 - Memory Corruption
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVSS 6.5
CVE-2017-14532 WRITEUP CRITICAL
ImageMagick 7.0.7-0 - Buffer Overflow
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVSS 9.8
CVE-2017-14531 WRITEUP MEDIUM
ImageMagick 7.0.7-0 - Memory Corruption
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
CVSS 6.5
CVE-2017-14505 WRITEUP MEDIUM
ImageMagick 7.0.7-1 - Denial of Service via NULL Pointer Dereference in DrawGetStrokeDashArray
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
CVSS 6.5
CVE-2017-14400 WRITEUP MEDIUM
ImageMagick 7.0.7-1 - Denial of Service via Crafted File
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
CVSS 6.5
CVE-2017-14343 WRITEUP MEDIUM
ImageMagick 7.0.6-6 - Memory Corruption
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVSS 6.5
CVE-2017-14342 WRITEUP MEDIUM
ImageMagick 7.0.6-6 - Memory Corruption
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVSS 6.5
CVE-2017-14341 WRITEUP MEDIUM
ImageMagick 7.0.6-6 - Uncontrolled Resource Consumption via Crafted WPG Image
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVSS 6.5