Latest imagemagick imagemagick Vulnerabilities

CVE-2023-5341
Imagemagick: heap use-after-free in coders/bmp.c
redhat/ImageMagick<7.1.2
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.15+
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.7.7.10-6ubuntu3.13+
ubuntu/imagemagick<8:6.8.9.9-7ubuntu5.16+
and 6 more
CVE-2021-40211
An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
ImageMagick ImageMagick=7.1.0-4
CVE-2022-48541
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.15+
ubuntu/imagemagick<8:6.7.7.10-6ubuntu3.13+
ubuntu/imagemagick<8:6.8.9.9-7ubuntu5.16+
ubuntu/imagemagick<8:6.9.11.57+dfsg-1
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9+
ImageMagick ImageMagick=6.9.11-22
and 4 more
CVE-2023-39978
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
ImageMagick ImageMagick<6.9.12-91
Fedoraproject Fedora=37
CVE-2023-3745
ImageMagick ImageMagick>=6.0<6.9-11-0
ImageMagick ImageMagick>=7.0.0-0<7.0.10-0
redhat/ImageMagick6 6.9.11<0
redhat/ImageMagick 7.0.10<0
CVE-2023-3428
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an ap...
ImageMagick ImageMagick<7.1.1-19
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora
redhat/ImageMagick 7.1.1<19
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
and 3 more
CVE-2023-34474
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an...
ImageMagick ImageMagick<7.1.1-10
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
CVE-2023-34475
A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an ...
ImageMagick ImageMagick<7.1.1-10
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
redhat/ImageMagick 7.1.1<10
CVE-2023-3195
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an applicatio...
ImageMagick ImageMagick<6.9.12-26
ImageMagick ImageMagick>=7.1.1-0<7.1.1-10
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
redhat/ImageMagick 6.9.12<26
and 6 more
CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
ImageMagick ImageMagick<7.1.1.11
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
and 9 more
CVE-2023-34153
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
ImageMagick ImageMagick<7.1.1.11
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
CVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
ImageMagick ImageMagick<7.1.1.11
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
CVE-2023-2157
A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
ImageMagick ImageMagick<7.1.1-9
CVE-2023-1906
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, trigg...
<6.9.12-84
=7.1.1-4
=8.0
=37
ImageMagick ImageMagick<6.9.12-84
ImageMagick ImageMagick=7.1.1-4
and 9 more
CVE-2023-1289
A specially created SVG file that loads by itself and make segmentation fault. Remote attackers can take advantage of this vulnerability to cause a denial of service of the generated SVG file. It see...
<7.1.1-0
=8.0
=9.0
=36
=37
=8.0
and 16 more
CVE-2022-44267
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
debian/imagemagick<=8:6.9.10.23+dfsg-2.1+deb10u1
ImageMagick ImageMagick=7.1.0-49
CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick bi...
debian/imagemagick<=8:6.9.10.23+dfsg-2.1+deb10u1
ImageMagick ImageMagick=7.1.0-49
CVE-2022-3213
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
ImageMagick ImageMagick<6.9.12-62
ImageMagick ImageMagick>=7.1.0-0<7.1.0-47
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Extra Packages For Enterprise Linux=9.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 3 more
CVE-2021-3574
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
=7.0.11-5
=35
=36
=37
ImageMagick ImageMagick=7.0.11-5
Fedoraproject Fedora=35
and 7 more
CVE-2021-20224
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of re...
ImageMagick ImageMagick<6.9.11-57
ImageMagick ImageMagick>=7.0.0-0<7.0.10-57
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.14
ubuntu/imagemagick<8:6.7.7.10-6ubuntu3.13+
ubuntu/imagemagick<8:6.9.11.57+dfsg-1
and 2 more
CVE-2022-2719
In ImageMagick 7.1.0-29, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denia...
redhat/ImageMagick 7.1.0<30
Fedoraproject Extra Packages For Enterprise Linux=8.0
ImageMagick ImageMagick<7.1.0-30
Fedoraproject Fedora=36
CVE-2022-32545
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a ne...
<6.9.12-43
>=7.1.0<7.1.0-28
=8.0
=36
=7.0
ImageMagick ImageMagick<6.9.12-43
and 12 more
CVE-2022-32546
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a ne...
<6.9.12-44
>=7.1.0<7.1.0-29
=8.0
=36
=6.0
=7.0
and 15 more
CVE-2022-32547
In ImageMagick version &lt; 7.1.0-30, there are runtime errors: * load of misaligned address 0x62300000714d for type 'double', which requires 8 byte alignment * load of misaligned address 0x62300000...
<6.9.12-45
>=7.1.0-0<7.1.0-30
=36
=6.0
=7.0
ImageMagick ImageMagick<6.9.12-45
and 13 more
CVE-2022-28463
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
=7.1.0-27
=9.0
ImageMagick ImageMagick=7.1.0-27
Debian Debian Linux=9.0
debian/imagemagick<=8:6.9.10.23+dfsg-2.1+deb10u1<=8:6.9.11.60+dfsg-1.3+deb11u1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
and 5 more
CVE-2022-1115
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file ...
ImageMagick ImageMagick<6.9.12-44
ImageMagick ImageMagick>=7.0.0-0<7.1.0-29
redhat/ImageMagick6 v6.9.12<44
redhat/ImageMagick7 v7.1.0<29
CVE-2022-1114
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageM...
redhat/ImageMagick6 v6.9.12<43
redhat/ImageMagick7 v7.1.0<28
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
and 5 more
CVE-2021-4219
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
redhat/imagemagick 6.9.12<34
redhat/imagemagick 7.1.0<19
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
and 5 more
CVE-2022-0284
A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image F...
ImageMagick ImageMagick<7.1.0-20
redhat/ImageMagick 7.1.0<20
CVE-2021-3962
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that lead...
ImageMagick ImageMagick=7.1.0-14
CVE-2021-39212
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected ver...
ImageMagick ImageMagick>=6.9.12-0<6.9.12-22
ImageMagick ImageMagick>=7.1.0-0<7.1.0-7
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
and 4 more
CVE-2021-3610
Update CVE-2021-3610: ImageMagick
redhat/ImageMagick 7.0.11<14
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.6ubuntu0.23.04.1
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.6ubuntu1
>=6.9.10.88<6.9.12-14
and 8 more
CVE-2021-3596
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePu...
ImageMagick ImageMagick<7.0.10-31
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Fedoraproject Fedora=34
Debian Debian Linux=9.0
and 1 more
CVE-2021-20310
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is subm...
ImageMagick ImageMagick<7.0.11-0
CVE-2021-20313
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to dat...
ImageMagick ImageMagick<7.0.11-0
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.12
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
ubuntu/imagemagick<8:6.7.7.10-6ubuntu3.13+
ubuntu/imagemagick<8:6.8.9.9-7ubuntu5.16+
and 6 more
CVE-2021-20312
A flaw was found in ImageMagick before version 7.0.11. A integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via crafted image file. Upstream patch: <a href=...
ImageMagick ImageMagick<7.0.11-0
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
ubuntu/imagemagick<8:6.8.9.9-7ubuntu5.16+
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.12
ubuntu/imagemagick<8:6.7.7.10-6ubuntu3.13+
and 6 more
CVE-2021-20309
A flaw was found in ImageMagick before version 7.0.11 and 6.9.12. A division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via crafted image file. Upstream issu...
ImageMagick ImageMagick<6.9.12
ImageMagick ImageMagick>=7.0.0-0<7.0.11-0
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu1
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.12
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9
and 8 more
CVE-2021-20244
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by...
ImageMagick ImageMagick<7.0.10-62
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=33
Debian Debian Linux=9.0
and 10 more
CVE-2021-20243
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. T...
ImageMagick ImageMagick<7.0.10-62
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.14
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
and 6 more
CVE-2021-20241
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The high...
ImageMagick ImageMagick<6.9.11-62
ImageMagick ImageMagick>=7.0.10<7.0.10-62
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.14
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9
ubuntu/imagemagick<8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1
and 7 more
CVE-2021-20245
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This wo...
ImageMagick ImageMagick<6.9.11-62
ImageMagick ImageMagick>=7.0.0<7.0.10-62
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=33
and 8 more
CVE-2021-20246
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero....
ImageMagick ImageMagick<6.9.11-62
ImageMagick ImageMagick>=7.0.0<7.0.10-62
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Fedoraproject Fedora=33
and 12 more
CVE-2020-27829
A flaw was found in ImageMagick 7.0.10-45. A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service. Upstream patch: <a href="https://github.com/ImageMagick/Im...
redhat/ImageMagick 7.0.10<45
ImageMagick ImageMagick<7.0.10-45
CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior ...
ImageMagick ImageMagick<6.9.11-57
ImageMagick ImageMagick>=7.0.0-0<7.0.10-56
Debian Debian Linux=9.0
redhat/ImageMagick 6.9.11<57
redhat/ImageMagick 7.0.10<57
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.11
and 5 more
CVE-2020-29599
ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not proper...
ImageMagick ImageMagick>=6.9.8-1<6.9.11-40
ImageMagick ImageMagick>=7.0.5-3<7.0.10-40
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.11.57+dfsg-1
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.9
debian/imagemagick<=8:6.9.10.23+dfsg-2.1+deb10u1
CVE-2020-19667
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
ImageMagick ImageMagick=7.0.10-7
Debian Debian Linux=9.0
ubuntu/imagemagick<8:6.9.11.24+dfsg-1
ubuntu/imagemagick<8:6.8.9.9-7ubuntu5.16+
ubuntu/imagemagick<8:6.9.7.4+dfsg-16ubuntu6.11
ubuntu/imagemagick<8:6.9.10.23+dfsg-2.1ubuntu11.4
and 2 more
CVE-2020-27776
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the ra...
ImageMagick ImageMagick<6.9.10-69
ImageMagick ImageMagick>=7.0.0-0<7.0.9
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
ubuntu/imagemagick<8:6.9.11.24+dfsg-1
and 5 more
CVE-2020-27775
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the rang...
ImageMagick ImageMagick<6.9.10-69
ImageMagick ImageMagick>=7.0.0-0<7.0.9
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Debian Debian Linux=9.0
and 6 more
CVE-2020-27774
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for...
ImageMagick ImageMagick<6.9.10-69
ImageMagick ImageMagick>=7.0.0-0<7.0.9-0
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Debian Debian Linux=9.0
and 6 more
CVE-2020-27773
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the ...
ImageMagick ImageMagick<6.9.10-69
ImageMagick ImageMagick>=7.0.0-0<7.0.9
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Debian Debian Linux=9.0
and 6 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203