Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-1097

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Mar, 2008 | 20:00
Updated At-07 Aug, 2024 | 08:08
Rejected At-
Credits

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Mar, 2008 | 20:00
Updated At:07 Aug, 2024 | 08:08
Rejected At:
▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://security.gentoo.org/glsa/glsa-201311-10.xml
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/28822
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=285861
x_refsource_MISC
http://secunia.com/advisories/29857
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0145.html
vendor-advisory
x_refsource_REDHAT
http://osvdb.org/43213
vdb-entry
x_refsource_OSVDB
http://www.securitytracker.com/id?1019881
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/55721
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29786
third-party-advisory
x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034
x_refsource_CONFIRM
http://secunia.com/advisories/30967
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
vdb-entry
signature
x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2008-0165.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
vendor-advisory
x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
vendor-advisory
x_refsource_MANDRIVA
http://www.debian.org/security/2009/dsa-1858
vendor-advisory
x_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
vdb-entry
x_refsource_XF
http://secunia.com/advisories/36260
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://security.gentoo.org/glsa/glsa-201311-10.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/28822
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=285861
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/29857
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0145.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://osvdb.org/43213
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securitytracker.com/id?1019881
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/55721
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29786
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/30967
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0165.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.debian.org/security/2009/dsa-1858
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/36260
Resource:
third-party-advisory
x_refsource_SECUNIA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://security.gentoo.org/glsa/glsa-201311-10.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/28822
vdb-entry
x_refsource_BID
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=285861
x_refsource_MISC
x_transferred
http://secunia.com/advisories/29857
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0145.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://osvdb.org/43213
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securitytracker.com/id?1019881
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/55721
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29786
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/30967
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0165.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.debian.org/security/2009/dsa-1858
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/36260
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201311-10.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/28822
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=285861
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/29857
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0145.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://osvdb.org/43213
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019881
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/55721
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29786
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/30967
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0165.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1858
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/36260
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Mar, 2008 | 20:44
Updated At:29 Sep, 2017 | 01:30

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
ImageMagick Studio LLC
imagemagick
>>graphicsmagick>>1.1.7
cpe:2.3:a:imagemagick:graphicsmagick:1.1.7:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>graphicsmagick>>1.1.8
cpe:2.3:a:imagemagick:graphicsmagick:1.1.8:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>graphicsmagick>>1.1.9
cpe:2.3:a:imagemagick:graphicsmagick:1.1.9:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>graphicsmagick>>1.1.10
cpe:2.3:a:imagemagick:graphicsmagick:1.1.10:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>graphicsmagick>>1.1.11
cpe:2.3:a:imagemagick:graphicsmagick:1.1.11:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>graphicsmagick>>1.1.12
cpe:2.3:a:imagemagick:graphicsmagick:1.1.12:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>6.2.8.0
cpe:2.3:a:imagemagick:imagemagick:6.2.8.0:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>6.2.8.1
cpe:2.3:a:imagemagick:imagemagick:6.2.8.1:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>6.2.8.2
cpe:2.3:a:imagemagick:imagemagick:6.2.8.2:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>6.2.8.3
cpe:2.3:a:imagemagick:imagemagick:6.2.8.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-399Primarynvd@nist.gov
CWE ID: CWE-399
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.htmlcve@mitre.org
N/A
http://osvdb.org/43213cve@mitre.org
N/A
http://secunia.com/advisories/29786cve@mitre.org
N/A
http://secunia.com/advisories/29857cve@mitre.org
N/A
http://secunia.com/advisories/30967cve@mitre.org
N/A
http://secunia.com/advisories/36260cve@mitre.org
N/A
http://secunia.com/advisories/55721cve@mitre.org
N/A
http://security.gentoo.org/glsa/glsa-201311-10.xmlcve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1858cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:099cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0145.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0165.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/28822cve@mitre.org
N/A
http://www.securitytracker.com/id?1019881cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=285861cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41193cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237cve@mitre.org
N/A
Hyperlink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/43213
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29786
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/29857
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/30967
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36260
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/55721
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201311-10.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1858
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:099
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0145.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0165.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/28822
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019881
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=285861
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41193
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

143Records found
CVE-2016-5688
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.24% / 84.23%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.

Action-Not Available
Vendor-n/aImageMagick Studio LLCOracle Corporation
Product-imagemagicksolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-28463
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-08 May, 2022 | 00:00
Updated-21 Nov, 2024 | 06:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-17879
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.34% / 79.68%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-10055
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.44%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10049
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.01%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10063
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 70.34%
||
7 Day CHG~0.00%
Published-02 Mar, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10056
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.11%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10057
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.44%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-10059
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.27%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.80%
||
7 Day CHG~0.00%
Published-05 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9822
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9819
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9821
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9825
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9824
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9820
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-9828
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-9833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.92%
||
7 Day CHG~0.00%
Published-22 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.39%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-2030
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-18.79% / 95.13%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 14:58
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.

Action-Not Available
Vendor-n/aImageMagick Studio LLCopenSUSECanonical Ltd.
Product-opensuseubuntu_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-4562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.73% / 72.24%
||
7 Day CHG-0.04%
Published-04 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-5248
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG~0.00%
Published-05 Jan, 2018 | 19:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.39%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-1958
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.14% / 78.09%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 14:58
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.

Action-Not Available
Vendor-n/aImageMagick Studio LLCopenSUSECanonical Ltd.
Product-opensuseubuntu_linuximagemagickn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-1947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-6.95% / 91.23%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 20:56
Updated-06 Aug, 2024 | 09:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.

Action-Not Available
Vendor-n/aImageMagick Studio LLCSUSE
Product-linux_enterprise_software_development_kitlinux_enterprise_serverlinux_enterprise_desktopimagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-15281
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.71%
||
7 Day CHG~0.00%
Published-12 Oct, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-29599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-68.75% / 98.58%
||
7 Day CHG~0.00%
Published-07 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2017-11449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.79%
||
7 Day CHG~0.00%
Published-19 Jul, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CVE-2017-10928
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.18% / 78.43%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-4563
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.73% / 72.24%
||
7 Day CHG-0.04%
Published-04 Jun, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-27766
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.29%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-11624
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.46%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 16:00
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-416
Use After Free
CVE-2020-19667
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.84%
||
7 Day CHG~0.00%
Published-20 Nov, 2020 | 00:00
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2014-9831
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-284
Improper Access Control
CVE-2014-9830
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.91%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-284
Improper Access Control
CVE-2017-5510
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.25%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-5506
Matching Score-8
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-8
Assigner-Debian GNU/Linux
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.57%
||
7 Day CHG~0.00%
Published-24 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-415
Double Free
CVE-2019-17547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.48% / 64.56%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 01:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-416
Use After Free
CVE-2012-1185
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.29% / 79.34%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEImageMagick Studio LLCDebian GNU/Linux
Product-debian_linuxopensuseimagemagickubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-12664
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.40%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-13306
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.19%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:53
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2012-0247
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-4.21% / 88.49%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.ImageMagick Studio LLCDebian GNU/Linux
Product-storageenterprise_linux_desktopenterprise_linux_server_ausubuntu_linuximagemagickenterprise_linux_eusenterprise_linux_workstationdebian_linuxenterprise_linux_server_eusenterprise_linux_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12666
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.10%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-12663
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.40%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-12640
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.60%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.98%
||
7 Day CHG~0.00%
Published-06 Aug, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-834
Excessive Iteration
CVE-2017-11170
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.83%
||
7 Day CHG~0.00%
Published-11 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2014-9832
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 41.92%
||
7 Day CHG~0.00%
Published-22 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.53%
||
7 Day CHG~0.00%
Published-30 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found