This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Imagemagick First view 2017-07-13
Product Imagemagick Last view 2020-06-07
Version 7.0.6-1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:imagemagick:imagemagick

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.1 2020-06-07 CVE-2020-13902

ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.

9.8 2019-12-24 CVE-2019-19952

In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.

9.1 2019-12-24 CVE-2019-19949

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.

6.5 2019-11-11 CVE-2019-18853

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.

8.8 2019-10-13 CVE-2019-17547

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.

8.8 2019-10-13 CVE-2019-17541

ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.

8.8 2019-10-13 CVE-2019-17540

ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.

6.5 2019-08-12 CVE-2019-14981

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

6.5 2019-08-12 CVE-2019-14980

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.

6.5 2019-07-01 CVE-2019-13137

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.

7.8 2019-07-01 CVE-2019-13136

ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.

7.8 2019-07-01 CVE-2019-13135

ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.

5.5 2019-07-01 CVE-2019-13134

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.

5.5 2019-07-01 CVE-2019-13133

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.

7.1 2019-04-30 CVE-2019-10131

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

6.5 2019-04-02 CVE-2019-10714

LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.

7.5 2019-03-07 CVE-2019-7175

In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

7.5 2019-02-04 CVE-2019-7398

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

7.5 2019-02-04 CVE-2019-7397

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

7.5 2019-02-04 CVE-2019-7396

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

7.5 2019-02-04 CVE-2019-7395

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

6.5 2018-12-25 CVE-2018-20467

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

6.5 2018-09-09 CVE-2018-16750

In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.

6.5 2018-09-09 CVE-2018-16749

In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.

9.8 2018-09-01 CVE-2018-16329

In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.

CWE : Common Weakness Enumeration

%idName
26% (19) CWE-772 Missing Release of Resource after Effective Lifetime
15% (11) CWE-125 Out-of-bounds Read
10% (8) CWE-416 Use After Free
10% (8) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
8% (6) CWE-770 Allocation of Resources Without Limits or Throttling
6% (5) CWE-476 NULL Pointer Dereference
5% (4) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (3) CWE-617 Reachable Assertion
2% (2) CWE-200 Information Exposure
1% (1) CWE-682 Incorrect Calculation
1% (1) CWE-681 Incorrect Conversion between Numeric Types
1% (1) CWE-674 Uncontrolled Recursion
1% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (1) CWE-369 Divide By Zero
1% (1) CWE-190 Integer Overflow or Wraparound
1% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...

Snort® IPS/IDS

Date Description
2020-01-03 Imagemagick XBM tranformation information leak attempt
RuleID : 52312 - Type : FILE-IMAGE - Revision : 1
2019-02-21 Imagemagick XBM tranformation information leak attempt
RuleID : 48937 - Type : FILE-IMAGE - Revision : 1

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-18 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4321.nasl - Type: ACT_GATHER_INFO
2018-10-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1530.nasl - Type: ACT_GATHER_INFO
2018-08-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-1456.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4245.nasl - Type: ACT_GATHER_INFO
2018-06-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1394.nasl - Type: ACT_GATHER_INFO
2018-05-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1381.nasl - Type: ACT_GATHER_INFO
2018-05-21 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4204.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-f5a9805c5b.nasl - Type: ACT_GATHER_INFO
2018-01-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1229.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1227.nasl - Type: ACT_GATHER_INFO
2017-12-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4074.nasl - Type: ACT_GATHER_INFO
2017-12-18 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1386.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1362.nasl - Type: ACT_GATHER_INFO
2017-12-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1346.nasl - Type: ACT_GATHER_INFO
2017-12-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3168-1.nasl - Type: ACT_GATHER_INFO
2017-11-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4040.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1270.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201711-07.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4032.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2949-1.nasl - Type: ACT_GATHER_INFO
2017-11-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4019.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1140.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1139.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-897a192750.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-66d9113c7a.nasl - Type: ACT_GATHER_INFO