Writeup Exploits
62,844 exploits tracked across all sources.
ImageMagick <6.9.8-10, <7.6.0-0 - DoS
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
CVSS 6.5
ImageMagick < 6.9.9-0 and 7.x through 7.0.6-1 - Denial of Service via Crafted TXT File
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
CVSS 6.5
ImageMagick < 6.9.9-0 and 7.x < 7.0.6-1 - Denial of Service via Crafted PNG File
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS 6.5
ImageMagick < 6.9.9-0 and 7.x < 7.0.6-1 - Denial of Service via Malformed JNG File
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
CVSS 6.5
ImageMagick < 6.9.9-0 - Denial of Service via Malformed DJVU Image
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
CVSS 6.5
ImageMagick < 6.9.9-0 - Denial of Service via Malformed JPEG Data
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVSS 8.8
ImageMagick < 6.9.9-0 - Denial of Service via Unvalidated Blob Size in MPC Coder
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVSS 8.8
ImageMagick < 6.9.9-0 - Exposure of Sensitive Information via Crafted JPEG File
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVSS 6.5
ImageMagick < 7.0.6-0 - Denial of Service via ReadSCREENSHOTImage Memory Leak
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVSS 6.5
ImageMagick 7.0.6-1 - Denial of Service via Infinite Loop in ReadPESImage
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
CVSS 6.5
ImageMagick 7.0.6-1 - Buffer Overflow
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
CVSS 6.5
ImageMagick <7.0.5-10 - Buffer Overflow
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
CVSS 6.5
ImageMagick 7.0.6-1 Q16 2017-06-21 - Memory Leak via Crafted PNG Files
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
CVSS 8.8
ImageMagick 7.0.6-0 - Denial of Service via DPX File Processing
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
CVSS 7.5
ImageMagick 7.0.5-6 - Memory Exhaustion via Invalid TGA/VST Header Colors Data
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
CVSS 8.8
ImageMagick 7.0.5-6 - Memory Exhaustion via Crafted XWD Header
The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.
CVSS 6.5
ImageMagick 7.0.5-6 - Memory Exhaustion via Crafted MAT File
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
CVSS 6.5
ImageMagick 7.0.6-0 - Denial of Service via Heap-Based Buffer Over-Read in MNG Image Handling
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
CVSS 5.5
ImageMagick 7.0.6-0 - Heap-Based Buffer Over-Read via SVG Document
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
CVSS 8.8
ImageMagick 7.0.7-12 Q16 - Denial of Service in ReadDDSInfo
ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
CVSS 6.5
ImageMagick < 6.9.9-15 - Denial of Service via Null Pointer Dereference
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVSS 6.5
ImageMagick < 6.9.6-5 - Denial of Service via NULL Pointer Dereference in TIFF Coder
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVSS 6.5
ImageMagick <6.9.6-4, <7.0.3-6 - Buffer Overflow
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVSS 5.5
ImageMagick <7.0.3.8 - Memory Corruption
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
CVSS 8.8
ImageMagick <7.0.3.3 - Memory Corruption
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVSS 8.8
By Source