2016-06-06
ALT-BU-2016-2812-2
Branch sisyphus update bulletin.
Package ImageMagick updated to version 6.9.4.7-alt1 for branch sisyphus in task 165526.
Closed vulnerabilities
Published: 2017-03-23
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00619
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю подделать межсайтовые запросы
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2017-03-23
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00620
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2017-03-31
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00693
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2017-03-31
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00703
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2017-03-31
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00705
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2017-04-13
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00885
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2017-04-13
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00886
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2017-04-13
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00888
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2017-04-13
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2017-00892
Уязвимость консольного графического редактора ImageMagick, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9804
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee
- https://bugzilla.redhat.com/show_bug.cgi?id=1343459
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee
- https://bugzilla.redhat.com/show_bug.cgi?id=1343459
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9805
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://bugzilla.redhat.com/show_bug.cgi?id=1343460
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://bugzilla.redhat.com/show_bug.cgi?id=1343460
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9806
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://bugzilla.redhat.com/show_bug.cgi?id=1343462
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://bugzilla.redhat.com/show_bug.cgi?id=1343462
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9807
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75
- https://bugzilla.redhat.com/show_bug.cgi?id=1343463
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75
- https://bugzilla.redhat.com/show_bug.cgi?id=1343463
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9808
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1343464
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1343464
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9809
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1343465
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1343465
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9810
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e
- https://bugzilla.redhat.com/show_bug.cgi?id=1343466
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e
- https://bugzilla.redhat.com/show_bug.cgi?id=1343466
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9811
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343467
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343467
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9812
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343468
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343468
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9813
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e
- https://bugzilla.redhat.com/show_bug.cgi?id=1343469
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e
- https://bugzilla.redhat.com/show_bug.cgi?id=1343469
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9814
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=fcced2ba626109d23186282d326427a0fc85fec0
- https://bugzilla.redhat.com/show_bug.cgi?id=1343470
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=fcced2ba626109d23186282d326427a0fc85fec0
- https://bugzilla.redhat.com/show_bug.cgi?id=1343470
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9815
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=1eb3064a9e4a81d0b8cd414e3dcd7fe9b158f241
- https://bugzilla.redhat.com/show_bug.cgi?id=1343471
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=1eb3064a9e4a81d0b8cd414e3dcd7fe9b158f241
- https://bugzilla.redhat.com/show_bug.cgi?id=1343471
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9816
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f
- https://bugzilla.redhat.com/show_bug.cgi?id=1343472
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f
- https://bugzilla.redhat.com/show_bug.cgi?id=1343472
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9817
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0
- https://bugzilla.redhat.com/show_bug.cgi?id=1343473
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=e24de96ab25b396ae914a7640ff4d61e58c40cf0
- https://bugzilla.redhat.com/show_bug.cgi?id=1343473
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9818
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=8e72cbfca8db81132319af14d1f33a3e833666d7
- https://bugzilla.redhat.com/show_bug.cgi?id=1343474
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=8e72cbfca8db81132319af14d1f33a3e833666d7
- https://bugzilla.redhat.com/show_bug.cgi?id=1343474
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9819
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
- https://bugzilla.redhat.com/show_bug.cgi?id=1343475
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
- https://bugzilla.redhat.com/show_bug.cgi?id=1343475
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9820
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
- https://bugzilla.redhat.com/show_bug.cgi?id=1343476
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
- https://bugzilla.redhat.com/show_bug.cgi?id=1343476
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9821
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
- https://bugzilla.redhat.com/show_bug.cgi?id=1343477
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=0a89a1ccca6e7ee059b73f5cc924513383e8a330
- https://bugzilla.redhat.com/show_bug.cgi?id=1343477
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9822
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343478
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343478
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9823
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343479
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343479
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9824
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343480
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=09561d37839dbfa04e017eea14811312985095d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1343480
Published: 2017-03-30
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9825
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276
- https://bugzilla.redhat.com/show_bug.cgi?id=1343481
- http://www.openwall.com/lists/oss-security/2014/12/24/1
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276
- https://bugzilla.redhat.com/show_bug.cgi?id=1343481
Published: 2017-08-07
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9827
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276
- https://bugzilla.redhat.com/show_bug.cgi?id=1343483
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=69490f5cffbda612e15a2985699455bb0b45e276
- https://bugzilla.redhat.com/show_bug.cgi?id=1343483
Published: 2017-08-07
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9828
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c
- https://bugzilla.redhat.com/show_bug.cgi?id=1343484
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=460547be494cc8c039b99b65e64a1fa2eb08ab5c
- https://bugzilla.redhat.com/show_bug.cgi?id=1343484
Published: 2017-04-05
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9829
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=8e72cbfca8db81132319af14d1f33a3e833666d7
- https://bugzilla.redhat.com/show_bug.cgi?id=1343485
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=8e72cbfca8db81132319af14d1f33a3e833666d7
- https://bugzilla.redhat.com/show_bug.cgi?id=1343485
Published: 2017-08-07
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9830
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f
- https://bugzilla.redhat.com/show_bug.cgi?id=1343486
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f
- https://bugzilla.redhat.com/show_bug.cgi?id=1343486
Published: 2017-08-07
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9831
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f
- https://bugzilla.redhat.com/show_bug.cgi?id=1343487
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=b68b78e2625122d9f6b6d88ba4df7e85b47b556f
- https://bugzilla.redhat.com/show_bug.cgi?id=1343487
Published: 2017-03-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9848
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.ubuntu.com/usn/USN-3131-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1343507
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.ubuntu.com/usn/USN-3131-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1343507
Published: 2017-03-17
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9852
distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563
- https://bugzilla.redhat.com/show_bug.cgi?id=1343512
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=37ec7d53dcb99fbd1f5c33442594d5e279630563
- https://bugzilla.redhat.com/show_bug.cgi?id=1343512
Published: 2017-03-17
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9853
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.ubuntu.com/usn/USN-3131-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1343513
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.ubuntu.com/usn/USN-3131-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1343513
Published: 2017-03-17
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9854
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.ubuntu.com/usn/USN-3131-1
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed
- https://bugzilla.redhat.com/show_bug.cgi?id=1343514
- http://git.imagemagick.org/repos/ImageMagick/commit/7fb9b7e095a65b4528d0180e26574f2bc7cd0e8b
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.ubuntu.com/usn/USN-3131-1
- https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=5ee6f49297c8137cae527429e0267462c14ec3ed
- https://bugzilla.redhat.com/show_bug.cgi?id=1343514
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2014-9907
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93231
- https://bugzilla.redhat.com/show_bug.cgi?id=1378734
- https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
- https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
- https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93231
- https://bugzilla.redhat.com/show_bug.cgi?id=1378734
- https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
- https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
- https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
Published: 2017-03-15
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/91025
- https://access.redhat.com/errata/RHSA-2016:1237
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
- https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/91025
- https://access.redhat.com/errata/RHSA-2016:1237
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
- https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Published: 2017-03-15
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2015/10/07/2
- http://www.openwall.com/lists/oss-security/2015/10/08/3
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/91027
- https://access.redhat.com/errata/RHSA-2016:1237
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
- https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
- http://www.openwall.com/lists/oss-security/2015/10/07/2
- http://www.openwall.com/lists/oss-security/2015/10/08/3
- http://www.openwall.com/lists/oss-security/2016/06/02/13
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/91027
- https://access.redhat.com/errata/RHSA-2016:1237
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
- https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Published: 2017-02-27
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2015-8900
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://trac.imagemagick.org/changeset/17845
- http://trac.imagemagick.org/changeset/17846
- http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
- http://www.openwall.com/lists/oss-security/2015/02/26/13
- http://www.openwall.com/lists/oss-security/2016/06/06/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1195260
- https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
- http://trac.imagemagick.org/changeset/17845
- http://trac.imagemagick.org/changeset/17846
- http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
- http://www.openwall.com/lists/oss-security/2015/02/26/13
- http://www.openwall.com/lists/oss-security/2016/06/06/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1195260
- https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
Published: 2017-03-23
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10047
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
Severity: HIGH (7.1)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95182
- https://bugzilla.redhat.com/show_bug.cgi?id=1410449
- https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95182
- https://bugzilla.redhat.com/show_bug.cgi?id=1410449
- https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
Published: 2017-03-23
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10049
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95180
- https://bugzilla.redhat.com/show_bug.cgi?id=1410452
- https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18
- https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95180
- https://bugzilla.redhat.com/show_bug.cgi?id=1410452
- https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18
- https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
- https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
Published: 2017-03-23
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10059
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95206
- https://bugzilla.redhat.com/show_bug.cgi?id=1410469
- https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95206
- https://bugzilla.redhat.com/show_bug.cgi?id=1410469
- https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
Published: 2017-03-02
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10060
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95208
- https://bugzilla.redhat.com/show_bug.cgi?id=1410470
- https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
- https://github.com/ImageMagick/ImageMagick/issues/196
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95208
- https://bugzilla.redhat.com/show_bug.cgi?id=1410470
- https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
- https://github.com/ImageMagick/ImageMagick/issues/196
Published: 2017-03-03
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10066
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95217
- https://bugzilla.redhat.com/show_bug.cgi?id=1410491
- https://github.com/ImageMagick/ImageMagick/commit/e45e48b881038487d0bc94d92a16c1537616cc0a
- https://github.com/ImageMagick/ImageMagick/commit/f6e9d0d9955e85bdd7540b251cd50d598dacc5e6
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95217
- https://bugzilla.redhat.com/show_bug.cgi?id=1410491
- https://github.com/ImageMagick/ImageMagick/commit/e45e48b881038487d0bc94d92a16c1537616cc0a
- https://github.com/ImageMagick/ImageMagick/commit/f6e9d0d9955e85bdd7540b251cd50d598dacc5e6
Published: 2017-03-02
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10067
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95220
- https://bugzilla.redhat.com/show_bug.cgi?id=1410494
- https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95220
- https://bugzilla.redhat.com/show_bug.cgi?id=1410494
- https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
Published: 2017-03-02
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10069
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95216
- https://bugzilla.redhat.com/show_bug.cgi?id=1410507
- https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95216
- https://bugzilla.redhat.com/show_bug.cgi?id=1410507
- https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
Published: 2017-03-03
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10070
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95221
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
- https://bugzilla.redhat.com/show_bug.cgi?id=1410510
- https://github.com/ImageMagick/ImageMagick/commit/a6240a163cb787909703d9fc649cf861f60ddd7c
- https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95221
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
- https://bugzilla.redhat.com/show_bug.cgi?id=1410510
- https://github.com/ImageMagick/ImageMagick/commit/a6240a163cb787909703d9fc649cf861f60ddd7c
- https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
Published: 2017-03-02
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10071
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (5.5)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95222
- https://bugzilla.redhat.com/show_bug.cgi?id=1410513
- https://github.com/ImageMagick/ImageMagick/commit/1bc1fd0ff8c555841c78829217ac81fa0598255d
- https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
- http://www.openwall.com/lists/oss-security/2016/12/26/9
- http://www.securityfocus.com/bid/95222
- https://bugzilla.redhat.com/show_bug.cgi?id=1410513
- https://github.com/ImageMagick/ImageMagick/commit/1bc1fd0ff8c555841c78829217ac81fa0598255d
- https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
Published: 2016-06-10
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
- http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
- http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
- http://www.debian.org/security/2016/dsa-3591
- http://www.debian.org/security/2016/dsa-3746
- http://www.openwall.com/lists/oss-security/2016/05/29/7
- http://www.openwall.com/lists/oss-security/2016/05/30/1
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/90938
- http://www.securitytracker.com/id/1035984
- http://www.securitytracker.com/id/1035985
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
- http://www.ubuntu.com/usn/USN-2990-1
- https://access.redhat.com/errata/RHSA-2016:1237
- http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8
- http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog
- http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00047.html
- http://www.debian.org/security/2016/dsa-3591
- http://www.debian.org/security/2016/dsa-3746
- http://www.openwall.com/lists/oss-security/2016/05/29/7
- http://www.openwall.com/lists/oss-security/2016/05/30/1
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/90938
- http://www.securitytracker.com/id/1035984
- http://www.securitytracker.com/id/1035985
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.397749
- http://www.ubuntu.com/usn/USN-2990-1
- https://access.redhat.com/errata/RHSA-2016:1237
Published: 2016-12-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5687
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
Published: 2016-12-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5688
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.1)Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
- https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
- https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4
- https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
- https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
- https://github.com/ImageMagick/ImageMagick/commits/6.9.4-4
- https://github.com/ImageMagick/ImageMagick/commits/7.0.1-5
Published: 2016-12-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5689
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
Published: 2016-12-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5690
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
Published: 2016-12-13
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-5691
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
- http://www.openwall.com/lists/oss-security/2016/06/14/5
- http://www.openwall.com/lists/oss-security/2016/06/17/3
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91283
- https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html
- https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog
- https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog
- https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7513
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93121
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455
- https://bugzilla.redhat.com/show_bug.cgi?id=1378733
- https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93121
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455
- https://bugzilla.redhat.com/show_bug.cgi?id=1378733
- https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7515
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93120
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445
- https://bugzilla.redhat.com/show_bug.cgi?id=1378741
- https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
- https://github.com/ImageMagick/ImageMagick/issues/82
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93120
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445
- https://bugzilla.redhat.com/show_bug.cgi?id=1378741
- https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
- https://github.com/ImageMagick/ImageMagick/issues/82
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7516
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93129
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533452
- https://bugzilla.redhat.com/show_bug.cgi?id=1378743
- https://github.com/ImageMagick/ImageMagick/issues/77
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93129
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533452
- https://bugzilla.redhat.com/show_bug.cgi?id=1378743
- https://github.com/ImageMagick/ImageMagick/issues/77
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7517
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93128
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533449
- https://bugzilla.redhat.com/show_bug.cgi?id=1378744
- https://github.com/ImageMagick/ImageMagick/issues/80
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93128
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533449
- https://bugzilla.redhat.com/show_bug.cgi?id=1378744
- https://github.com/ImageMagick/ImageMagick/issues/80
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7518
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93130
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533447
- https://bugzilla.redhat.com/show_bug.cgi?id=1378745
- https://github.com/ImageMagick/ImageMagick/issues/81
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93130
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533447
- https://bugzilla.redhat.com/show_bug.cgi?id=1378745
- https://github.com/ImageMagick/ImageMagick/issues/81
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7519
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445
- https://bugzilla.redhat.com/show_bug.cgi?id=1378746
- https://github.com/ImageMagick/ImageMagick/issues/82
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445
- https://bugzilla.redhat.com/show_bug.cgi?id=1378746
- https://github.com/ImageMagick/ImageMagick/issues/82
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7520
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213
- https://bugzilla.redhat.com/show_bug.cgi?id=1378747
- https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
- https://github.com/ImageMagick/ImageMagick/issues/90
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537213
- https://bugzilla.redhat.com/show_bug.cgi?id=1378747
- https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
- https://github.com/ImageMagick/ImageMagick/issues/90
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7521
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537418
- https://bugzilla.redhat.com/show_bug.cgi?id=1378748
- https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
- https://github.com/ImageMagick/ImageMagick/issues/92
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537418
- https://bugzilla.redhat.com/show_bug.cgi?id=1378748
- https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
- https://github.com/ImageMagick/ImageMagick/issues/92
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7522
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537419
- https://bugzilla.redhat.com/show_bug.cgi?id=1378751
- https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
- https://github.com/ImageMagick/ImageMagick/issues/93
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537419
- https://bugzilla.redhat.com/show_bug.cgi?id=1378751
- https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
- https://github.com/ImageMagick/ImageMagick/issues/93
Published: 2020-02-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-7523
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537420
- https://bugzilla.redhat.com/show_bug.cgi?id=1378754
- https://github.com/ImageMagick/ImageMagick/issues/94
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537420
- https://bugzilla.redhat.com/show_bug.cgi?id=1378754
- https://github.com/ImageMagick/ImageMagick/issues/94
Published: 2020-02-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-7524
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537422
- https://bugzilla.redhat.com/show_bug.cgi?id=1378762
- https://github.com/ImageMagick/ImageMagick/commit/97c9f438a9b3454d085895f4d1f66389fd22a0fb
- https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6
- https://github.com/ImageMagick/ImageMagick/issues/96
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537422
- https://bugzilla.redhat.com/show_bug.cgi?id=1378762
- https://github.com/ImageMagick/ImageMagick/commit/97c9f438a9b3454d085895f4d1f66389fd22a0fb
- https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6
- https://github.com/ImageMagick/ImageMagick/issues/96
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7525
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537424
- https://bugzilla.redhat.com/show_bug.cgi?id=1378757
- https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
- https://github.com/ImageMagick/ImageMagick/issues/98
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537424
- https://bugzilla.redhat.com/show_bug.cgi?id=1378757
- https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
- https://github.com/ImageMagick/ImageMagick/issues/98
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7526
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/bugs/1539050
- https://bugzilla.redhat.com/show_bug.cgi?id=1378758
- https://github.com/ImageMagick/ImageMagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77
- https://github.com/ImageMagick/ImageMagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095
- https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
- https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
- https://github.com/ImageMagick/ImageMagick/issues/102
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/bugs/1539050
- https://bugzilla.redhat.com/show_bug.cgi?id=1378758
- https://github.com/ImageMagick/ImageMagick/commit/998c687fb83993c13fa711d75f59a95b38ceab77
- https://github.com/ImageMagick/ImageMagick/commit/b60d1ed0af37c50b91a40937825b4c61e8458095
- https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
- https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
- https://github.com/ImageMagick/ImageMagick/issues/102
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7527
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93220
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115
- https://bugzilla.redhat.com/show_bug.cgi?id=1378759
- https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
- https://github.com/ImageMagick/ImageMagick/commit/b3dd69b23e9338806891c708a0cc8a82c0d1872a
- https://github.com/ImageMagick/ImageMagick/issues/122
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93220
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542115
- https://bugzilla.redhat.com/show_bug.cgi?id=1378759
- https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
- https://github.com/ImageMagick/ImageMagick/commit/b3dd69b23e9338806891c708a0cc8a82c0d1872a
- https://github.com/ImageMagick/ImageMagick/issues/122
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7528
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93226
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537425
- https://bugzilla.redhat.com/show_bug.cgi?id=1378760
- https://github.com/ImageMagick/ImageMagick/commit/7be16a280014f895a951db4948df316a23dabc09
- https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
- https://github.com/ImageMagick/ImageMagick/issues/99
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93226
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537425
- https://bugzilla.redhat.com/show_bug.cgi?id=1378760
- https://github.com/ImageMagick/ImageMagick/commit/7be16a280014f895a951db4948df316a23dabc09
- https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
- https://github.com/ImageMagick/ImageMagick/issues/99
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7529
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539051
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539052
- https://bugzilla.redhat.com/show_bug.cgi?id=1378761
- https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
- https://github.com/ImageMagick/ImageMagick/issues/103
- https://github.com/ImageMagick/ImageMagick/issues/104
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539051
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539052
- https://bugzilla.redhat.com/show_bug.cgi?id=1378761
- https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
- https://github.com/ImageMagick/ImageMagick/issues/103
- https://github.com/ImageMagick/ImageMagick/issues/104
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7530
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/bugs/1539053
- https://bugs.launchpad.net/bugs/1539067
- https://bugzilla.redhat.com/show_bug.cgi?id=1378762
- https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
- https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
- https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
- https://github.com/ImageMagick/ImageMagick/issues/105
- https://github.com/ImageMagick/ImageMagick/issues/110
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/bugs/1539053
- https://bugs.launchpad.net/bugs/1539067
- https://bugzilla.redhat.com/show_bug.cgi?id=1378762
- https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
- https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
- https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
- https://github.com/ImageMagick/ImageMagick/issues/105
- https://github.com/ImageMagick/ImageMagick/issues/110
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7532
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066
- https://bugzilla.redhat.com/show_bug.cgi?id=1378764
- https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c
- https://github.com/ImageMagick/ImageMagick/issues/109
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1539066
- https://bugzilla.redhat.com/show_bug.cgi?id=1378764
- https://github.com/ImageMagick/ImageMagick/commit/4f2c04ea6673863b87ac7f186cbb0d911f74085c
- https://github.com/ImageMagick/ImageMagick/issues/109
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7533
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542114
- https://bugzilla.redhat.com/show_bug.cgi?id=1378765
- https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
- https://github.com/ImageMagick/ImageMagick/issues/120
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542114
- https://bugzilla.redhat.com/show_bug.cgi?id=1378765
- https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
- https://github.com/ImageMagick/ImageMagick/issues/120
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7534
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542785
- https://bugzilla.redhat.com/show_bug.cgi?id=1378767
- https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
- https://github.com/ImageMagick/ImageMagick/issues/126
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1542785
- https://bugzilla.redhat.com/show_bug.cgi?id=1378767
- https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
- https://github.com/ImageMagick/ImageMagick/issues/126
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7535
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180
- https://bugzilla.redhat.com/show_bug.cgi?id=1378768
- https://github.com/ImageMagick/ImageMagick/issues/128
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545180
- https://bugzilla.redhat.com/show_bug.cgi?id=1378768
- https://github.com/ImageMagick/ImageMagick/issues/128
Published: 2017-04-20
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7536
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93225
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367
- https://bugzilla.redhat.com/show_bug.cgi?id=1378772
- https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176
- https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
- https://github.com/ImageMagick/ImageMagick/issues/130
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93225
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545367
- https://bugzilla.redhat.com/show_bug.cgi?id=1378772
- https://github.com/ImageMagick/ImageMagick/commit/02dadf116124cfba35d7ebd9ced3e5ad0be0f176
- https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
- https://github.com/ImageMagick/ImageMagick/issues/130
Published: 2017-04-19
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-7537
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366
- https://bugzilla.redhat.com/show_bug.cgi?id=1378773
- https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
- https://github.com/ImageMagick/ImageMagick/commit/6d202a0514fb6a406456b8b728cde776becb25f8
- https://github.com/ImageMagick/ImageMagick/issues/143
- http://www.openwall.com/lists/oss-security/2016/09/22/2
- http://www.securityfocus.com/bid/93131
- https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1553366
- https://bugzilla.redhat.com/show_bug.cgi?id=1378773
- https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
- https://github.com/ImageMagick/ImageMagick/commit/6d202a0514fb6a406456b8b728cde776becb25f8
- https://github.com/ImageMagick/ImageMagick/issues/143
Published: 2017-02-15
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-8862
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
Severity: MEDIUM (6.8)Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.debian.org/security/2016/dsa-3726
- http://www.openwall.com/lists/oss-security/2016/10/20/2
- http://www.openwall.com/lists/oss-security/2016/10/20/3
- http://www.securityfocus.com/bid/93794
- https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1387135
- https://github.com/ImageMagick/ImageMagick/issues/271
- http://www.debian.org/security/2016/dsa-3726
- http://www.openwall.com/lists/oss-security/2016/10/20/2
- http://www.openwall.com/lists/oss-security/2016/10/20/3
- http://www.securityfocus.com/bid/93794
- https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
- https://bugzilla.redhat.com/show_bug.cgi?id=1387135
- https://github.com/ImageMagick/ImageMagick/issues/271
Closed bugs
CVE-2016-5118