Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-8900

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Feb, 2017 | 22:00
Updated At-06 Aug, 2024 | 08:29
Rejected At-
Credits

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Feb, 2017 | 22:00
Updated At:06 Aug, 2024 | 08:29
Rejected At:
▼CVE Numbering Authority (CNA)

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2015/02/26/13
mailing-list
x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/06/06/2
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1195260
x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
x_refsource_CONFIRM
http://trac.imagemagick.org/changeset/17846
x_refsource_CONFIRM
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
x_refsource_CONFIRM
http://trac.imagemagick.org/changeset/17845
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2015/02/26/13
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/06/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1195260
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
Resource:
x_refsource_CONFIRM
Hyperlink: http://trac.imagemagick.org/changeset/17846
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
Resource:
x_refsource_CONFIRM
Hyperlink: http://trac.imagemagick.org/changeset/17845
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2015/02/26/13
mailing-list
x_refsource_MLIST
x_transferred
http://www.openwall.com/lists/oss-security/2016/06/06/2
mailing-list
x_refsource_MLIST
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=1195260
x_refsource_CONFIRM
x_transferred
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
x_refsource_CONFIRM
x_transferred
http://trac.imagemagick.org/changeset/17846
x_refsource_CONFIRM
x_transferred
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
x_refsource_CONFIRM
x_transferred
http://trac.imagemagick.org/changeset/17845
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2015/02/26/13
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/06/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1195260
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://trac.imagemagick.org/changeset/17846
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://trac.imagemagick.org/changeset/17845
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Feb, 2017 | 22:59
Updated At:13 May, 2026 | 00:24

The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches

ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions from 6.0(inclusive) to 6.9.3-10(inclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
ImageMagick Studio LLC
imagemagick
>>imagemagick>>Versions from 7.0.1-0(inclusive) to 7.0.5-0(inclusive)
cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-835Primarynvd@nist.gov
CWE ID: CWE-835
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://trac.imagemagick.org/changeset/17845cve@mitre.org
Broken Link
http://trac.imagemagick.org/changeset/17846cve@mitre.org
Broken Link
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929cve@mitre.org
Exploit
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/02/26/13cve@mitre.org
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/06/2cve@mitre.org
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1195260cve@mitre.org
Issue Tracking
Patch
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6cve@mitre.org
Issue Tracking
Patch
Third Party Advisory
http://trac.imagemagick.org/changeset/17845af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://trac.imagemagick.org/changeset/17846af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/02/26/13af854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/06/2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1195260af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://trac.imagemagick.org/changeset/17845
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://trac.imagemagick.org/changeset/17846
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
Source: cve@mitre.org
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2015/02/26/13
Source: cve@mitre.org
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/06/2
Source: cve@mitre.org
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1195260
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://trac.imagemagick.org/changeset/17845
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://trac.imagemagick.org/changeset/17846
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2015/02/26/13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2016/06/06/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Patch
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1195260
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

528Records found

CVE-2012-1186
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.88% / 76.95%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEDebian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxopensusen/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2012-0248
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-5.5||MEDIUM
EPSS-2.10% / 79.40%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCRed Hat, Inc.Debian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopstorageenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_eusn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-46521
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 1.59%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 21:40
Updated-11 Jun, 2026 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and 7.1.2-23.

Action-Not Available
Vendor-ImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-252
Unchecked Return Value
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-20467
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.10% / 86.16%
||
7 Day CHG~0.00%
Published-26 Dec, 2018 | 03:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-18024
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.00% / 85.74%
||
7 Day CHG~0.00%
Published-07 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-10177
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.17% / 86.47%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 23:00
Updated-05 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-14173
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.94% / 77.66%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCDebian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-14741
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 68.70%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-8902
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.95% / 77.83%
||
7 Day CHG-0.02%
Published-27 Feb, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-8903
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 78.07%
||
7 Day CHG-0.01%
Published-27 Feb, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2015-8901
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.95% / 77.83%
||
7 Day CHG-0.01%
Published-27 Feb, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2014-8561
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.17% / 80.05%
||
7 Day CHG~0.00%
Published-15 Dec, 2019 | 21:34
Updated-06 Aug, 2024 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

imagemagick 6.8.9.6 has remote DOS via infinite loop

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2019-16708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16710
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-27756
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.83% / 53.17%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-369
Divide By Zero
CVE-2020-27761
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.07% / 60.88%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-16709
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.81% / 84.82%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:46
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Action-Not Available
Vendor-n/aImageMagick Studio LLCopenSUSECanonical Ltd.
Product-ubuntu_linuximagemagickbackportsleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-27771
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.16% / 63.29%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aRed Hat, Inc.Debian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickenterprise_linuxImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-27764
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.15% / 62.91%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-25676
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.17% / 63.65%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-25667
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.09% / 61.49%
||
7 Day CHG-0.11%
Published-08 Dec, 2020 | 20:57
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickImageMagick
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2013-4298
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-4.69% / 90.68%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3437
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.75% / 84.44%
||
7 Day CHG~0.00%
Published-07 Aug, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CVE-2017-18272
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.21% / 64.64%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 19:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-416
Use After Free
CVE-2019-16713
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-16712
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.61% / 83.50%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-imagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2012-0259
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-2.36% / 81.71%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEDebian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxopensusen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2012-0260
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-6.5||MEDIUM
EPSS-2.36% / 81.71%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSERed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_ausdebian_linuximagemagickubuntu_linuxenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopstorageenterprise_linux_server_eusenterprise_linux_eusopensusen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-16711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.48% / 82.66%
||
7 Day CHG~0.00%
Published-23 Sep, 2019 | 11:45
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2017-13141
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.57%
||
7 Day CHG~0.00%
Published-23 Aug, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-15139
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.50% / 87.73%
||
7 Day CHG~0.00%
Published-18 Aug, 2019 | 18:31
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-3213
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 37.04%
||
7 Day CHG+0.02%
Published-19 Sep, 2022 | 17:31
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectImageMagick Studio LLC
Product-extra_packages_for_enterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14980
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.89% / 77.00%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 22:06
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-imagemagickleapn/a
CWE ID-CWE-416
Use After Free
CVE-2022-2719
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 23.67%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:18
Updated-06 Mar, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.

Action-Not Available
Vendor-n/aFedora ProjectImageMagick Studio LLC
Product-imagemagickextra_packages_for_enterprise_linuxfedoraImageMagick
CWE ID-CWE-617
Reachable Assertion
CVE-2017-18250
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 68.73%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-17887
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.11%
||
7 Day CHG~0.00%
Published-24 Dec, 2017 | 04:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2017-17934
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.50% / 82.73%
||
7 Day CHG~0.00%
Published-27 Dec, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLC
Product-imagemagickubuntu_linuxn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-14981
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.69% / 84.07%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 22:06
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-18252
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-27 Mar, 2018 | 03:00
Updated-05 Aug, 2024 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-617
Reachable Assertion
CVE-2017-18027
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.05% / 85.97%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.

Action-Not Available
Vendor-n/aImageMagick Studio LLCCanonical Ltd.
Product-ubuntu_linuximagemagickn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2019-13454
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.35% / 90.05%
||
7 Day CHG~0.00%
Published-09 Jul, 2019 | 16:07
Updated-11 Jul, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxopenSUSECanonical Ltd.ImageMagick Studio LLC
Product-debian_linuxleapimagemagickubuntu_linuxn/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-12974
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.30% / 81.21%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:07
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-13134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.10% / 61.54%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 19:27
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-imagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.10% / 61.54%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 19:27
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-imagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-12975
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.25% / 80.81%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:08
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-12976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-2.38% / 81.85%
||
7 Day CHG~0.00%
Published-26 Jun, 2019 | 17:08
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.88% / 76.98%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 19:27
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.13% / 79.72%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:50
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.

Action-Not Available
Vendor-n/aopenSUSEImageMagick Studio LLC
Product-imagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13310
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.18% / 80.18%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:53
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.

Action-Not Available
Vendor-n/aImageMagick Studio LLCopenSUSECanonical Ltd.
Product-ubuntu_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2019-13311
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.77% / 84.61%
||
7 Day CHG~0.00%
Published-05 Jul, 2019 | 00:54
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.

Action-Not Available
Vendor-n/aImageMagick Studio LLCDebian GNU/LinuxopenSUSECanonical Ltd.
Product-ubuntu_linuxdebian_linuximagemagickleapn/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found