This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Imagemagick First view 2010-11-22
Product Imagemagick Last view 2024-07-29
Version 6.5.4-2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:imagemagick:imagemagick

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.8 2024-07-29 CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.

5.5 2023-11-19 CVE-2023-5341

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.

5.5 2023-10-04 CVE-2023-3428

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.

3.3 2023-08-08 CVE-2023-39978

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

5.5 2023-07-24 CVE-2023-3745

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

5.5 2023-06-16 CVE-2023-34475

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.

5.5 2023-06-16 CVE-2023-34474

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

5.5 2023-06-16 CVE-2023-3195

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.

5.5 2023-06-06 CVE-2023-2157

A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.

7.8 2023-05-30 CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.

9.8 2023-05-30 CVE-2023-34152

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

5.5 2023-05-30 CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).

5.5 2023-04-12 CVE-2023-1906

A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.

5.5 2023-03-23 CVE-2023-1289

A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.

5.5 2022-09-19 CVE-2022-3213

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

5.5 2022-08-29 CVE-2022-1115

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

7.1 2022-08-29 CVE-2022-0284

A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.

5.5 2022-08-25 CVE-2021-20224

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.

5.5 2022-08-10 CVE-2022-2719

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

7.8 2022-06-16 CVE-2022-32547

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

7.8 2022-06-16 CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

7.8 2022-06-16 CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

7.1 2022-04-29 CVE-2022-1114

A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.

5.5 2022-03-23 CVE-2021-4219

A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.

7.5 2022-02-24 CVE-2021-3610

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
19% (44) CWE-125 Out-of-bounds Read
13% (31) CWE-190 Integer Overflow or Wraparound
10% (23) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (18) CWE-369 Divide By Zero
6% (15) CWE-787 Out-of-bounds Write
4% (11) CWE-476 NULL Pointer Dereference
4% (11) CWE-416 Use After Free
4% (11) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
4% (10) CWE-20 Improper Input Validation
4% (9) CWE-772 Missing Release of Resource after Effective Lifetime
2% (6) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (5) CWE-122 Heap-based Buffer Overflow
1% (4) CWE-200 Information Exposure
1% (3) CWE-617 Reachable Assertion
1% (3) CWE-399 Resource Management Errors
0% (2) CWE-284 Access Control (Authorization) Issues
0% (2) CWE-252 Unchecked Return Value
0% (2) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (1) CWE-770 Allocation of Resources Without Limits or Throttling
0% (1) CWE-754 Improper Check for Unusual or Exceptional Conditions
0% (1) CWE-704 Incorrect Type Conversion or Cast
0% (1) CWE-674 Uncontrolled Recursion
0% (1) CWE-668 Exposure of Resource to Wrong Sphere
0% (1) CWE-427 Uncontrolled Search Path Element
0% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
69445 ImageMagick configure.c Search Path Subversion Local Privilege Escalation

OpenVAS Exploits

id Description
2013-09-18 Name : Debian Security Advisory DSA 2462-2 (imagemagick - several vulnerabilities)
File : nvt/deb_2462_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2427-1 (imagemagick - several vulnerabilities)
File : nvt/deb_2427_1.nasl
2012-08-30 Name : Fedora Update for ImageMagick FEDORA-2012-11746
File : nvt/gb_fedora_2012_11746_ImageMagick_fc16.nasl
2012-08-10 Name : FreeBSD Ports: ImageMagick
File : nvt/freebsd_ImageMagick7.nasl
2012-08-03 Name : Mandriva Update for imagemagick MDVSA-2012:077 (imagemagick)
File : nvt/gb_mandriva_MDVSA_2012_077.nasl
2012-08-03 Name : Mandriva Update for imagemagick MDVSA-2012:078 (imagemagick)
File : nvt/gb_mandriva_MDVSA_2012_078.nasl
2012-07-30 Name : CentOS Update for ImageMagick CESA-2012:0545 centos5
File : nvt/gb_CESA-2012_0545_ImageMagick_centos5.nasl
2012-07-30 Name : CentOS Update for ImageMagick CESA-2012:0544 centos6
File : nvt/gb_CESA-2012_0544_ImageMagick_centos6.nasl
2012-07-09 Name : RedHat Update for ImageMagick RHSA-2012:0544-01
File : nvt/gb_RHSA-2012_0544-01_ImageMagick.nasl
2012-06-25 Name : Fedora Update for ImageMagick FEDORA-2012-9313
File : nvt/gb_fedora_2012_9313_ImageMagick_fc16.nasl
2012-05-08 Name : RedHat Update for ImageMagick RHSA-2012:0545-01
File : nvt/gb_RHSA-2012_0545-01_ImageMagick.nasl
2012-05-04 Name : Ubuntu Update for imagemagick USN-1435-1
File : nvt/gb_ubuntu_USN_1435_1.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-09 (ImageMagick)
File : nvt/glsa_201203_09.nasl
2012-02-21 Name : RedHat Update for ImageMagick RHSA-2012:0301-03
File : nvt/gb_RHSA-2012_0301-03_ImageMagick.nasl
2010-12-28 Name : Fedora Update for ImageMagick FEDORA-2010-19025
File : nvt/gb_fedora_2010_19025_ImageMagick_fc14.nasl
2010-12-28 Name : Fedora Update for ImageMagick FEDORA-2010-19056
File : nvt/gb_fedora_2010_19056_ImageMagick_fc13.nasl
2010-12-23 Name : Ubuntu Update for imagemagick vulnerability USN-1028-1
File : nvt/gb_ubuntu_USN_1028_1.nasl

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-01-03 Imagemagick XBM tranformation information leak attempt
RuleID : 52312 - Type : FILE-IMAGE - Revision : 1
2019-02-21 Imagemagick XBM tranformation information leak attempt
RuleID : 48937 - Type : FILE-IMAGE - Revision : 1
2017-07-06 ImageMagick SyncExifProfile out-of-bounds memory read attempt
RuleID : 43098 - Type : FILE-IMAGE - Revision : 1
2017-07-06 ImageMagick SyncExifProfile out-of-bounds memory read attempt
RuleID : 43097 - Type : FILE-IMAGE - Revision : 1
2017-07-06 ImageMagick SyncExifProfile out-of-bounds memory read attempt
RuleID : 43096 - Type : FILE-IMAGE - Revision : 1
2017-07-06 ImageMagick SyncExifProfile out-of-bounds memory read attempt
RuleID : 43095 - Type : FILE-IMAGE - Revision : 1
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41902 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41901 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41900 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41899 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41898 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics ephemeral access attempt
RuleID : 41897 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41894 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41893 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41892 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41891 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41890 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick magick vector graphics msl access attempt
RuleID : 41889 - Type : POLICY-OTHER - Revision : 2
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41888 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41887 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41886 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41885 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41884 - Type : SERVER-OTHER - Revision : 1
2017-04-12 ImageMagick mvg label arbitrary file read attempt
RuleID : 41883 - Type : SERVER-OTHER - Revision : 1
2017-04-06 ImageMagick mvg processing command server side request forgery attempt
RuleID : 41809 - Type : FILE-IMAGE - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-10-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1530.nasl - Type: ACT_GATHER_INFO
2018-08-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-1456.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4245.nasl - Type: ACT_GATHER_INFO
2018-06-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1401.nasl - Type: ACT_GATHER_INFO
2018-06-27 Name: The remote Debian host is missing a security update.
File: debian_DLA-1394.nasl - Type: ACT_GATHER_INFO
2018-05-24 Name: The remote Debian host is missing a security update.
File: debian_DLA-1381.nasl - Type: ACT_GATHER_INFO
2018-05-21 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4204.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-f5a9805c5b.nasl - Type: ACT_GATHER_INFO
2018-01-04 Name: The remote Debian host is missing a security update.
File: debian_DLA-1229.nasl - Type: ACT_GATHER_INFO
2018-01-02 Name: The remote Debian host is missing a security update.
File: debian_DLA-1227.nasl - Type: ACT_GATHER_INFO
2017-12-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4074.nasl - Type: ACT_GATHER_INFO
2017-12-01 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3168-1.nasl - Type: ACT_GATHER_INFO
2017-11-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4040.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4032.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201711-07.nasl - Type: ACT_GATHER_INFO
2017-11-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1270.nasl - Type: ACT_GATHER_INFO
2017-11-09 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-2949-1.nasl - Type: ACT_GATHER_INFO
2017-11-06 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4019.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1199.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-66d9113c7a.nasl - Type: ACT_GATHER_INFO
2017-10-18 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-897a192750.nasl - Type: ACT_GATHER_INFO
2017-10-11 Name: The remote Debian host is missing a security update.
File: debian_DLA-1131.nasl - Type: ACT_GATHER_INFO
2017-09-20 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-3a568adb31.nasl - Type: ACT_GATHER_INFO
2017-09-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2017-8f27031c8f.nasl - Type: ACT_GATHER_INFO
2017-09-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1081.nasl - Type: ACT_GATHER_INFO