The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
ImageMagick: NULL pointer dereference in GetMagickProperty function in MagickCore/property.c (CVE-2018-16329)
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
(CVE-2016-10046)
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. (CVE-2016-10047)
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. (CVE-2016-10048)
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. (CVE-2016-10049)
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. (CVE-2016-10050)
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10051)
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10052)
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
(CVE-2016-10053)
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10054)
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10055)
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10057)
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. (CVE-2016-10058)
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. (CVE-2016-10059)
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10060)
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file. (CVE-2016-10061)
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10062)
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. (CVE-2016-10063)
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10064)
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
(CVE-2016-10065)
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10066)
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving too many exceptions, which trigger a buffer overflow.
(CVE-2016-10067)
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. (CVE-2016-10068)
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. (CVE-2016-10069)
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. (CVE-2016-10070)
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of- bounds read and application crash) via a crafted mat file. (CVE-2016-10071)
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. (CVE-2016-10144)
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. (CVE-2016-10145)
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. (CVE-2016-10146)
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. (CVE-2016-10252)
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of- bounds read) via a crafted TIFF file. (CVE-2016-5010)
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. (CVE-2016-6491)
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
(CVE-2016-6823)
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of- bounds read) via a large row value in an sgi file. (CVE-2016-7101)
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. (CVE-2016-7515)
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. (CVE-2016-7516)
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. (CVE-2016-7517)
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. (CVE-2016-7518)
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. (CVE-2016-7519)
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. (CVE-2016-7520)
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7521, CVE-2016-7525)
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7522)
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. (CVE-2016-7523)
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. (CVE-2016-7526)
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. (CVE-2016-7528)
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. (CVE-2016-7529)
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by- zero error or out-of-bounds write) via a crafted file. (CVE-2016-7530)
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. (CVE-2016-7531)
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7532)
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. (CVE-2016-7533)
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. (CVE-2016-7534)
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. (CVE-2016-7535)
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. (CVE-2016-7537)
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. (CVE-2016-7538)
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. (CVE-2016-7539)
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. (CVE-2016-7799)
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after- free) via a crafted file. (CVE-2016-7906)
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
(CVE-2016-8677)
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks’s convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. (CVE-2016-8707)
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
(CVE-2016-8862)
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. (CVE-2016-8866)
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. (CVE-2016-9556)
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image. (CVE-2016-9559)
ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service (CVE-2017-1000445)
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (CVE-2017-10928)
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. (CVE-2017-10995)
The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
(CVE-2017-11141)
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. (CVE-2017-11170)
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. (CVE-2017-11188)
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. (CVE-2017-11310)
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
(CVE-2017-11352)
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. (CVE-2017-11360)
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. (CVE-2017-11446)
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. (CVE-2017-11447)
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (CVE-2017-11448)
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. (CVE-2017-11449)
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
(CVE-2017-11450)
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. (CVE-2017-11478)
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
(CVE-2017-11505)
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. (CVE-2017-11523)
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
(CVE-2017-11524)
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11525)
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
(CVE-2017-11526)
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11527)
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11528)
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11529)
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11530)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (CVE-2017-11531)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (CVE-2017-11532)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. (CVE-2017-11533)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. (CVE-2017-11534)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. (CVE-2017-11535)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. (CVE-2017-11536)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (CVE-2017-11537)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. (CVE-2017-11538)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. (CVE-2017-11539)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
(CVE-2017-11540)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel- accessor.h. (CVE-2017-11639)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. (CVE-2017-11640)
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. (CVE-2017-11644)
The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. (CVE-2017-11724)
The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. (CVE-2017-11750)
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11751)
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11752)
The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file. (CVE-2017-11753)
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
(CVE-2017-11754)
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
(CVE-2017-11755)
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. (CVE-2017-12140)
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (CVE-2017-12418)
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
(CVE-2017-12428)
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. (CVE-2017-12429)
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. (CVE-2017-12432)
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. (CVE-2017-12433)
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c. (CVE-2017-12434)
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. (CVE-2017-12435)
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
(CVE-2017-12587)
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
(CVE-2017-12640)
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. (CVE-2017-12641)
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. (CVE-2017-12642)
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
(CVE-2017-12643)
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. (CVE-2017-12644)
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-12654)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. (CVE-2017-12662)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. (CVE-2017-12663)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. (CVE-2017-12664)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. (CVE-2017-12665)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
(CVE-2017-12666)
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-12691)
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. (CVE-2017-12692)
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. (CVE-2017-12693)
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. (CVE-2017-12875)
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-12876)
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-12877)
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. (CVE-2017-12983)
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13058)
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. (CVE-2017-13059)
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13060)
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. (CVE-2017-13061)
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. (CVE-2017-13062)
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. (CVE-2017-13131)
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the dump uncompressed PseudoColor packets step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. (CVE-2017-13132)
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. (CVE-2017-13133)
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
(CVE-2017-13134)
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. (CVE-2017-13139)
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. (CVE-2017-13140)
In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. (CVE-2017-13141)
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. (CVE-2017-13142)
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. (CVE-2017-13143)
In ImageMagick before 6.9.7-10, there is a crash (rather than a width or height exceeds limit error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. (CVE-2017-13144)
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. (CVE-2017-13145)
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. (CVE-2017-13146)
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. (CVE-2017-13658)
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. (CVE-2017-13758)
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. (CVE-2017-13768)
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. (CVE-2017-13769)
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. (CVE-2017-14060)
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. (CVE-2017-14137)
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large extent field in the header but does not contain sufficient backing data, is provided, the loop over length would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14172)
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation GetQuantumRange(depth)+1 when depth is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large max_value value. (CVE-2017-14173)
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large length field in the header but does not contain sufficient backing data, is provided, the loop over length would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14174)
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14175)
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. (CVE-2017-14224)
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-14248)
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. (CVE-2017-14249)
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14324)
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. (CVE-2017-14325)
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14326)
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. (CVE-2017-14341)
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. (CVE-2017-14342)
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. (CVE-2017-14343)
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. (CVE-2017-14400)
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. (CVE-2017-14528)
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. (CVE-2017-14531)
ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. (CVE-2017-14532)
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. (CVE-2017-14533)
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-14607)
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. (CVE-2017-14624)
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. (CVE-2017-14682)
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
(CVE-2017-14739)
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. (CVE-2017-14741)
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. (CVE-2017-14989)
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. (CVE-2017-15015)
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
(CVE-2017-15016)
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
(CVE-2017-15017)
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2017-15032)
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. (CVE-2017-15033)
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. (CVE-2017-15217)
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. (CVE-2017-15218)
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. (CVE-2017-15277)
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to Conditional jump or move depends on uninitialised value(s). (CVE-2017-15281)
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
(CVE-2017-16546)
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. (CVE-2017-17499)
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. (CVE-2017-17504)
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
(CVE-2017-17680)
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. (CVE-2017-17681)
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. (CVE-2017-17682)
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. (CVE-2017-17879)
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. (CVE-2017-17880)
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
(CVE-2017-17881)
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
(CVE-2017-17882)
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
(CVE-2017-17884)
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
(CVE-2017-17885)
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
(CVE-2017-17886)
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. (CVE-2017-17887)
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. (CVE-2017-17914)
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. (CVE-2017-17934)
In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. (CVE-2017-18008)
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
(CVE-2017-18022)
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
(CVE-2017-18027)
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
(CVE-2017-18028)
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
(CVE-2017-18029)
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. (CVE-2017-5506)
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. (CVE-2017-5507)
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
(CVE-2017-5508)
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. (CVE-2017-5509, CVE-2017-5510)
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. (CVE-2017-5511)
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. (CVE-2017-6335)
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). (CVE-2017-6497)
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. (CVE-2017-6498)
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). (CVE-2017-6499)
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. (CVE-2017-6500)
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. (CVE-2017-6501)
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file- descriptor leak in libmagickcore (thus, a DoS). (CVE-2017-6502)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. (CVE-2017-7275)
coders/rle.c in ImageMagick 7.0.5-4 has an outside the range of representable values of type unsigned char undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7606)
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. (CVE-2017-7619)
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7941)
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7942)
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7943)
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8343)
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8344)
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8345)
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8346)
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8347)
In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8348)
In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8349)
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8350)
In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8351)
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8352)
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8353)
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8354)
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8355)
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8356)
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8357)
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. (CVE-2017-8765)
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8830)
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. (CVE-2017-9098)
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. (CVE-2017-9141)
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
(CVE-2017-9142)
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. (CVE-2017-9143)
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. (CVE-2017-9144)
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9261)
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9262)
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9405)
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9407)
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9409)
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9439)
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9440)
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9499)
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9500)
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9501)
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
(CVE-2018-16323)
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
(CVE-2018-5246)
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. (CVE-2018-5247)
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. (CVE-2018-5357)
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. (CVE-2018-6405)
The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. (CVE-2018-6876)
A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. (CVE-2018-6930)
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). (CVE-2018-7443)
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. (CVE-2018-7470)
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. (CVE-2019-10714)
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25663)
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. (CVE-2020-25664)
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-25665)
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count
value for a color. The patch uses casts to ssize_t
type for these calculations, instead of int
. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25666)
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for dc:format=\image/dng\
within profile
due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25667)
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-25674)
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
(CVE-2020-25675)
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25676)
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. (CVE-2020-27560)
A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char
and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27750)
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long
as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27751)
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well.
This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27752)
There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in AcquireMagickMemory()
because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to AcquireMagickMemory()
. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27753)
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. (CVE-2020-27754)
in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27755)
In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide- by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function PerceptibleReciprocal()
in order to prevent such divide-by-zero conditions.
This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27756)
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27757)
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long
. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27758)
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type int
to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27759)
In GammaImage()
of /MagickCore/enhance.c, depending on the gamma
value, it’s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the PerceptibleReciprocal()
to prevent the divide-by- zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
(CVE-2020-27760)
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type unsigned long
undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to ssize_t
instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. (CVE-2020-27761)
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char
. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. (CVE-2020-27762)
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27763)
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. (CVE-2020-27764)
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27765)
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long
. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. (CVE-2020-27766)
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types float
and unsigned char
. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27767)
In ImageMagick, there is an outside the range of representable values of type ‘unsigned int’ at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27768)
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type ‘float’ at MagickCore/quantize.c. (CVE-2020-27769)
Due to a missing check for 0 value of replace_extent
, it is possible for offset p
to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27770)
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27771)
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned int
. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
(CVE-2020-27772)
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char
or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27773)
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type ssize_t
. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27774)
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27775)
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27776)
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. (CVE-2020-27829)
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none (CVE-2021-20189)
An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the ‘unsigned char’. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. (CVE-2021-20224)
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20241)
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20243)
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
The highest threat from this vulnerability is to system availability. (CVE-2021-20244)
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20245)
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20246)
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20310)
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20311)
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20312)
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a module
policy in policy.xml
. ex. <policy domain=module rights=none pattern=PS />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the module
policy and instead use the coder
policy that is also our workaround recommendation: <policy domain=coder rights=none pattern={PS,EPI,EPS,EPSF,EPSI} />. (CVE-2021-39212)
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)
In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type ‘unsigned char’ at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type ‘unsigned long’ at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)
In ImageMagick, there is load of misaligned address for type ‘double’, which requires 8 byte alignment and for type ‘float’, which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32547)
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. (CVE-2022-44267)
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). (CVE-2022-44268)
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the identify -help command. (CVE-2022-48541)
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. (CVE-2023-1289)
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. (CVE-2023-3428)
A heap-based buffer overflow issue was found in ImageMagick’s PushCharPixel() function in quantum- private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. (CVE-2023-3745)
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. (CVE-2023-39978)
A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory imagemagick. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(195345);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2016-5010",
"CVE-2016-6491",
"CVE-2016-6823",
"CVE-2016-7101",
"CVE-2016-7515",
"CVE-2016-7516",
"CVE-2016-7517",
"CVE-2016-7518",
"CVE-2016-7519",
"CVE-2016-7520",
"CVE-2016-7521",
"CVE-2016-7522",
"CVE-2016-7523",
"CVE-2016-7525",
"CVE-2016-7526",
"CVE-2016-7528",
"CVE-2016-7529",
"CVE-2016-7530",
"CVE-2016-7531",
"CVE-2016-7532",
"CVE-2016-7533",
"CVE-2016-7534",
"CVE-2016-7535",
"CVE-2016-7537",
"CVE-2016-7538",
"CVE-2016-7539",
"CVE-2016-7799",
"CVE-2016-7906",
"CVE-2016-8677",
"CVE-2016-8707",
"CVE-2016-8862",
"CVE-2016-8866",
"CVE-2016-9556",
"CVE-2016-9559",
"CVE-2016-10046",
"CVE-2016-10047",
"CVE-2016-10048",
"CVE-2016-10049",
"CVE-2016-10050",
"CVE-2016-10051",
"CVE-2016-10052",
"CVE-2016-10053",
"CVE-2016-10054",
"CVE-2016-10055",
"CVE-2016-10057",
"CVE-2016-10058",
"CVE-2016-10059",
"CVE-2016-10060",
"CVE-2016-10061",
"CVE-2016-10062",
"CVE-2016-10063",
"CVE-2016-10064",
"CVE-2016-10065",
"CVE-2016-10066",
"CVE-2016-10067",
"CVE-2016-10068",
"CVE-2016-10069",
"CVE-2016-10070",
"CVE-2016-10071",
"CVE-2016-10144",
"CVE-2016-10145",
"CVE-2016-10146",
"CVE-2016-10252",
"CVE-2017-5506",
"CVE-2017-5507",
"CVE-2017-5508",
"CVE-2017-5509",
"CVE-2017-5510",
"CVE-2017-5511",
"CVE-2017-6335",
"CVE-2017-6497",
"CVE-2017-6498",
"CVE-2017-6499",
"CVE-2017-6500",
"CVE-2017-6501",
"CVE-2017-6502",
"CVE-2017-7275",
"CVE-2017-7606",
"CVE-2017-7619",
"CVE-2017-7941",
"CVE-2017-7942",
"CVE-2017-7943",
"CVE-2017-8343",
"CVE-2017-8344",
"CVE-2017-8345",
"CVE-2017-8346",
"CVE-2017-8347",
"CVE-2017-8348",
"CVE-2017-8349",
"CVE-2017-8350",
"CVE-2017-8351",
"CVE-2017-8352",
"CVE-2017-8353",
"CVE-2017-8354",
"CVE-2017-8355",
"CVE-2017-8356",
"CVE-2017-8357",
"CVE-2017-8765",
"CVE-2017-8830",
"CVE-2017-9098",
"CVE-2017-9141",
"CVE-2017-9142",
"CVE-2017-9143",
"CVE-2017-9144",
"CVE-2017-9261",
"CVE-2017-9262",
"CVE-2017-9405",
"CVE-2017-9407",
"CVE-2017-9409",
"CVE-2017-9439",
"CVE-2017-9440",
"CVE-2017-9499",
"CVE-2017-9500",
"CVE-2017-9501",
"CVE-2017-10928",
"CVE-2017-10995",
"CVE-2017-11141",
"CVE-2017-11170",
"CVE-2017-11188",
"CVE-2017-11310",
"CVE-2017-11352",
"CVE-2017-11360",
"CVE-2017-11446",
"CVE-2017-11447",
"CVE-2017-11448",
"CVE-2017-11449",
"CVE-2017-11450",
"CVE-2017-11478",
"CVE-2017-11505",
"CVE-2017-11523",
"CVE-2017-11524",
"CVE-2017-11525",
"CVE-2017-11526",
"CVE-2017-11527",
"CVE-2017-11528",
"CVE-2017-11529",
"CVE-2017-11530",
"CVE-2017-11531",
"CVE-2017-11532",
"CVE-2017-11533",
"CVE-2017-11534",
"CVE-2017-11535",
"CVE-2017-11536",
"CVE-2017-11537",
"CVE-2017-11538",
"CVE-2017-11539",
"CVE-2017-11540",
"CVE-2017-11639",
"CVE-2017-11640",
"CVE-2017-11644",
"CVE-2017-11724",
"CVE-2017-11750",
"CVE-2017-11751",
"CVE-2017-11752",
"CVE-2017-11753",
"CVE-2017-11754",
"CVE-2017-11755",
"CVE-2017-12140",
"CVE-2017-12418",
"CVE-2017-12428",
"CVE-2017-12429",
"CVE-2017-12432",
"CVE-2017-12433",
"CVE-2017-12434",
"CVE-2017-12435",
"CVE-2017-12587",
"CVE-2017-12640",
"CVE-2017-12641",
"CVE-2017-12642",
"CVE-2017-12643",
"CVE-2017-12644",
"CVE-2017-12654",
"CVE-2017-12662",
"CVE-2017-12663",
"CVE-2017-12664",
"CVE-2017-12665",
"CVE-2017-12666",
"CVE-2017-12691",
"CVE-2017-12692",
"CVE-2017-12693",
"CVE-2017-12875",
"CVE-2017-12876",
"CVE-2017-12877",
"CVE-2017-12983",
"CVE-2017-13058",
"CVE-2017-13059",
"CVE-2017-13060",
"CVE-2017-13061",
"CVE-2017-13062",
"CVE-2017-13131",
"CVE-2017-13132",
"CVE-2017-13133",
"CVE-2017-13134",
"CVE-2017-13139",
"CVE-2017-13140",
"CVE-2017-13141",
"CVE-2017-13142",
"CVE-2017-13143",
"CVE-2017-13144",
"CVE-2017-13145",
"CVE-2017-13146",
"CVE-2017-13658",
"CVE-2017-13758",
"CVE-2017-13768",
"CVE-2017-13769",
"CVE-2017-14060",
"CVE-2017-14137",
"CVE-2017-14172",
"CVE-2017-14173",
"CVE-2017-14174",
"CVE-2017-14175",
"CVE-2017-14224",
"CVE-2017-14248",
"CVE-2017-14249",
"CVE-2017-14324",
"CVE-2017-14325",
"CVE-2017-14326",
"CVE-2017-14341",
"CVE-2017-14342",
"CVE-2017-14343",
"CVE-2017-14400",
"CVE-2017-14528",
"CVE-2017-14531",
"CVE-2017-14532",
"CVE-2017-14533",
"CVE-2017-14607",
"CVE-2017-14624",
"CVE-2017-14682",
"CVE-2017-14739",
"CVE-2017-14741",
"CVE-2017-14989",
"CVE-2017-15015",
"CVE-2017-15016",
"CVE-2017-15017",
"CVE-2017-15032",
"CVE-2017-15033",
"CVE-2017-15217",
"CVE-2017-15218",
"CVE-2017-15277",
"CVE-2017-15281",
"CVE-2017-16546",
"CVE-2017-17499",
"CVE-2017-17504",
"CVE-2017-17680",
"CVE-2017-17681",
"CVE-2017-17682",
"CVE-2017-17879",
"CVE-2017-17880",
"CVE-2017-17881",
"CVE-2017-17882",
"CVE-2017-17884",
"CVE-2017-17885",
"CVE-2017-17886",
"CVE-2017-17887",
"CVE-2017-17914",
"CVE-2017-17934",
"CVE-2017-18008",
"CVE-2017-18022",
"CVE-2017-18027",
"CVE-2017-18028",
"CVE-2017-18029",
"CVE-2017-1000445",
"CVE-2018-5246",
"CVE-2018-5247",
"CVE-2018-5357",
"CVE-2018-6405",
"CVE-2018-6876",
"CVE-2018-6930",
"CVE-2018-7443",
"CVE-2018-7470",
"CVE-2018-16323",
"CVE-2018-16329",
"CVE-2019-10714",
"CVE-2020-25663",
"CVE-2020-25664",
"CVE-2020-25665",
"CVE-2020-25666",
"CVE-2020-25667",
"CVE-2020-25674",
"CVE-2020-25675",
"CVE-2020-25676",
"CVE-2020-27560",
"CVE-2020-27750",
"CVE-2020-27751",
"CVE-2020-27752",
"CVE-2020-27753",
"CVE-2020-27754",
"CVE-2020-27755",
"CVE-2020-27756",
"CVE-2020-27757",
"CVE-2020-27758",
"CVE-2020-27759",
"CVE-2020-27760",
"CVE-2020-27761",
"CVE-2020-27762",
"CVE-2020-27763",
"CVE-2020-27764",
"CVE-2020-27765",
"CVE-2020-27766",
"CVE-2020-27767",
"CVE-2020-27768",
"CVE-2020-27769",
"CVE-2020-27770",
"CVE-2020-27771",
"CVE-2020-27772",
"CVE-2020-27773",
"CVE-2020-27774",
"CVE-2020-27775",
"CVE-2020-27776",
"CVE-2020-27829",
"CVE-2021-4219",
"CVE-2021-20176",
"CVE-2021-20189",
"CVE-2021-20224",
"CVE-2021-20241",
"CVE-2021-20243",
"CVE-2021-20244",
"CVE-2021-20245",
"CVE-2021-20246",
"CVE-2021-20310",
"CVE-2021-20311",
"CVE-2021-20312",
"CVE-2021-39212",
"CVE-2022-2719",
"CVE-2022-32545",
"CVE-2022-32546",
"CVE-2022-32547",
"CVE-2022-44267",
"CVE-2022-44268",
"CVE-2022-48541",
"CVE-2023-1289",
"CVE-2023-3428",
"CVE-2023-3745",
"CVE-2023-5341",
"CVE-2023-34151",
"CVE-2023-39978"
);
script_name(english:"RHEL 7 : imagemagick (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- ImageMagick: NULL pointer dereference in GetMagickProperty function in MagickCore/property.c
(CVE-2018-16329)
- Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows
remote attackers to cause a denial of service (application crash) via a crafted image file.
(CVE-2016-10046)
- Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote
attackers to cause a denial of service (memory consumption) via a crafted XML file. (CVE-2016-10047)
- Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to
load arbitrary modules via unspecified vectors. (CVE-2016-10048)
- Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote
attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
RLE file. (CVE-2016-10049)
- Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows
remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
crafted RLE file. (CVE-2016-10050)
- Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows
remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
crafted file. (CVE-2016-10051)
- Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote
attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
file. (CVE-2016-10052)
- The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to
cause a denial of service (divide-by-zero error and application crash) via a crafted file.
(CVE-2016-10053)
- Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote
attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
file. (CVE-2016-10054)
- Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote
attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
file. (CVE-2016-10055)
- Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows
remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
crafted file. (CVE-2016-10057)
- Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote
attackers to cause a denial of service (memory consumption) via a crafted image file. (CVE-2016-10058)
- Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial
of service (application crash) or have unspecified other impact via a crafted TIFF file. (CVE-2016-10059)
- The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check
the return value of the fputc function, which allows remote attackers to cause a denial of service
(application crash) via a crafted file. (CVE-2016-10060)
- The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return
value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a
crafted image file. (CVE-2016-10061)
- The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite
function, which allows remote attackers to cause a denial of service (application crash) via a crafted
file. (CVE-2016-10062)
- Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial
of service (application crash) or have other unspecified impact via a crafted file, related to extend
validity. (CVE-2016-10063)
- Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial
of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10064)
- The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause
a denial of service (application crash) or have other unspecified impact via a crafted file.
(CVE-2016-10065)
- Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote
attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10066)
- magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service
(application crash) via vectors involving too many exceptions, which trigger a buffer overflow.
(CVE-2016-10067)
- The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service
(segmentation fault and application crash) via a crafted XML file. (CVE-2016-10068)
- coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service
(application crash) via a mat file with an invalid number of frames. (CVE-2016-10069)
- Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows
remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat
file. (CVE-2016-10070)
- coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-
bounds read and application crash) via a crafted mat file. (CVE-2016-10071)
- coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing
malloc check. (CVE-2016-10144)
- Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via
vectors related to a string copy. (CVE-2016-10145)
- Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to
cause a denial of service (memory consumption) via unspecified vectors. (CVE-2016-10146)
- Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used
in ODR-PadEnc and other products, allows attackers to trigger memory consumption. (CVE-2016-10252)
- coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-
bounds read) via a crafted TIFF file. (CVE-2016-5010)
- Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and
7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak,
and crash) via a crafted image. (CVE-2016-6491)
- Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial
of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
(CVE-2016-6823)
- The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-
bounds read) via a large row value in an sgi file. (CVE-2016-7101)
- The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via vectors related to the number of pixels. (CVE-2016-7515)
- The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted VIFF file. (CVE-2016-7516)
- The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted PICT file. (CVE-2016-7517)
- The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted SUN file. (CVE-2016-7518)
- The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted file. (CVE-2016-7519)
- Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted HDR file. (CVE-2016-7520)
- Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7521, CVE-2016-7525)
- The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial
of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7522)
- coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via
a crafted file. (CVE-2016-7523)
- coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via
a crafted file. (CVE-2016-7526)
- The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of
service (segmentation fault) via a crafted VIFF file. (CVE-2016-7528)
- coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via
a crafted XCF file. (CVE-2016-7529)
- The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-
zero error or out-of-bounds write) via a crafted file. (CVE-2016-7530)
- MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds
write) via a crafted PDB file. (CVE-2016-7531)
- coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via
a crafted PSD file. (CVE-2016-7532)
- The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of
service (out-of-bounds read) via a crafted WPG file. (CVE-2016-7533)
- The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds
access) via a crafted file. (CVE-2016-7534)
- coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via
a crafted PSD file. (CVE-2016-7535)
- MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds
access) via a crafted PDB file. (CVE-2016-7537)
- coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via
a crafted file. (CVE-2016-7538)
- Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of
service (memory consumption) via unspecified vectors. (CVE-2016-7539)
- MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service
(out-of-bounds read) via a crafted file. (CVE-2016-7799)
- magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-
free) via a crafted file. (CVE-2016-7906)
- The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote
attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
(CVE-2016-8677)
- An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's
convert utility. A crafted TIFF document can lead to an out of bounds write which in particular
circumstances could be leveraged into remote code execution. The vulnerability can be triggered through
any user controlled TIFF that is handled by this functionality. (CVE-2016-8707)
- The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote
attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
(CVE-2016-8862)
- The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows
remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation
failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. (CVE-2016-8866)
- The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to
cause a denial of service (out-of-bounds heap read) via a crafted image file. (CVE-2016-9556)
- coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) via a crafted image. (CVE-2016-9559)
- ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore
component and might lead to denial of service (CVE-2017-1000445)
- In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows
remote attackers to obtain sensitive information from process memory or possibly have unspecified other
impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in
coders/svg.c. (CVE-2017-10928)
- The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial
of service (heap-based buffer over-read and application crash) via a crafted MNG image. (CVE-2017-10995)
- The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can
cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
(CVE-2017-11141)
- The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can
cause memory exhaustion via invalid colors data in the header of a TGA or VST file. (CVE-2017-11170)
- The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can
cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. (CVE-2017-11188)
- The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has
memory leak vulnerabilities via crafted PNG files. (CVE-2017-11310)
- In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling
in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
(CVE-2017-11352)
- The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a
crafted rle file that triggers a huge number_pixels value. (CVE-2017-11360)
- The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that
can cause CPU exhaustion via a crafted PES file. (CVE-2017-11446)
- The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks,
causing denial of service. (CVE-2017-11447)
- The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to
obtain sensitive information from uninitialized memory locations via a crafted file. (CVE-2017-11448)
- coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob
sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have
unspecified other impact via an image received from stdin. (CVE-2017-11449)
- coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via JPEG data that is too short.
(CVE-2017-11450)
- The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1
allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed
DJVU image. (CVE-2017-11478)
- The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows
remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
(CVE-2017-11505)
- The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows
remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file
condition is not considered. (CVE-2017-11523)
- The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows
remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
(CVE-2017-11524)
- The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11525)
- The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
(CVE-2017-11526)
- The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11527)
- The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11528)
- The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11529)
- The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11530)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
WriteHISTOGRAMImage() function in coders/histogram.c. (CVE-2017-11531)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
WriteMPCImage() function in coders/mpc.c. (CVE-2017-11532)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
in the WriteUILImage() function in coders/uil.c. (CVE-2017-11533)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
lite_font_map() function in coders/wmf.c. (CVE-2017-11534)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
in the WritePSImage() function in coders/ps.c. (CVE-2017-11535)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
WriteJP2Image() function in coders/jp2.c. (CVE-2017-11536)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception
(FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel
calculation. (CVE-2017-11537)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
WriteOnePNGImage() function in coders/png.c. (CVE-2017-11538)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
ReadOnePNGImage() function in coders/png.c. (CVE-2017-11539)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
(CVE-2017-11540)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-
accessor.h. (CVE-2017-11639)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception
in the WritePTIFImage() function in coders/tiff.c. (CVE-2017-11640)
- When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
ReadMATImage() function in coders/mat.c. (CVE-2017-11644)
- The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has
memory leaks involving the quantum_info and clone_info data structures. (CVE-2017-11724)
- The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to
cause a denial of service (NULL pointer dereference) via a crafted file. (CVE-2017-11750)
- The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
denial of service (memory leak) via a crafted file. (CVE-2017-11751)
- The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
denial of service (memory leak) via a crafted file. (CVE-2017-11752)
- The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers
to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System
(FITS) file. (CVE-2017-11753)
- The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
(CVE-2017-11754)
- The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
(CVE-2017-11755)
- The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading
to excessive memory consumption via a crafted DCM file. (CVE-2017-12140)
- ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related
to the WriteImage function in MagickCore/constitute.c. (CVE-2017-12418)
- In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in
coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
(CVE-2017-12428)
- In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in
coders/miff.c, which allows attackers to cause a denial of service. (CVE-2017-12429)
- In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in
coders/pcx.c, which allows attackers to cause a denial of service. (CVE-2017-12432)
- In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in
coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in
memory.c. (CVE-2017-12433)
- In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in
coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo
in image.c. (CVE-2017-12434)
- In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in
coders/sun.c, which allows attackers to cause a denial of service. (CVE-2017-12435)
- ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
(CVE-2017-12587)
- ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
(CVE-2017-12640)
- ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. (CVE-2017-12641)
- ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. (CVE-2017-12642)
- ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
(CVE-2017-12643)
- ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. (CVE-2017-12644)
- The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of
service (memory leak) via a crafted file. (CVE-2017-12654)
- ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. (CVE-2017-12662)
- ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. (CVE-2017-12663)
- ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. (CVE-2017-12664)
- ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. (CVE-2017-12665)
- ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
(CVE-2017-12666)
- The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial
of service (memory consumption) via a crafted file. (CVE-2017-12691)
- The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a
denial of service (memory consumption) via a crafted VIFF file. (CVE-2017-12692)
- The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial
of service (memory consumption) via a crafted BMP file. (CVE-2017-12693)
- The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of
service (CPU consumption) via a crafted file. (CVE-2017-12875)
- Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a
denial of service via a crafted file. (CVE-2017-12876)
- Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows
remote attackers to cause a denial of service via a crafted file. (CVE-2017-12877)
- Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows
remote attackers to cause a denial of service (application crash) or possibly have unspecified other
impact via a crafted file. (CVE-2017-12983)
- In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in
coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13058)
- In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in
coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a
crafted file. (CVE-2017-13059)
- In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in
coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13060)
- In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal
in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via
a crafted file. (CVE-2017-13061)
- In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c,
which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted
file. (CVE-2017-13062)
- In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in
coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in
MagickCore/linked-list.c) via a crafted file. (CVE-2017-13131)
- In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure
in the dump uncompressed PseudoColor packets step, which allows attackers to cause a denial of service
(assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. (CVE-2017-13132)
- In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows
attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. (CVE-2017-13133)
- In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function
SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
(CVE-2017-13134)
- In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an
out-of-bounds read with the MNG CLIP chunk. (CVE-2017-13139)
- In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows
remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with
a width equal to MAGICK_WIDTH_LIMIT. (CVE-2017-13140)
- In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in
ReadOnePNGImage in coders/png.c. (CVE-2017-13141)
- In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because
there was an insufficient check for short files. (CVE-2017-13142)
- In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses
uninitialized data, which might allow remote attackers to obtain sensitive information from process
memory. (CVE-2017-13143)
- In ImageMagick before 6.9.7-10, there is a crash (rather than a width or height exceeds limit error
report) if the image dimensions are too large, as demonstrated by use of the mpc coder. (CVE-2017-13144)
- In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not
properly validate the channel geometry, leading to a crash. (CVE-2017-13145)
- In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function
in coders/mat.c. (CVE-2017-13146)
- In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage
function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the
DestroyImageInfo function in MagickCore/image.c. (CVE-2017-13658)
- In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in
MagickCore/draw.c. (CVE-2017-13758)
- Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through
7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. (CVE-2017-13768)
- The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker
to cause a denial of service (buffer over-read) by sending a crafted JPEG file. (CVE-2017-13769)
- In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in
coders/cut.c that could allow an attacker to cause a Denial of Service (in the
QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image
file. (CVE-2017-14060)
- ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive
because it depends only on a length field in a header. (CVE-2017-14137)
- In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File)
check might cause huge CPU consumption. When a crafted PSD file, which claims a large extent field in
the header but does not contain sufficient backing data, is provided, the loop over length would consume
huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14172)
- In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur
for the addition operation GetQuantumRange(depth)+1 when depth is large, producing a smaller value
than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large
max_value value. (CVE-2017-14173)
- In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of
File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large length field
in the header but does not contain sufficient backing data, is provided, the loop over length would
consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14174)
- In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File)
check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns
fields in the header but does not contain sufficient backing data, is provided, the loop over the rows
would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14175)
- A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote
attackers to cause a denial of service or code execution via a crafted file. (CVE-2017-14224)
- A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows
remote attackers to cause a denial of service via a crafted file. (CVE-2017-14248)
- ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero
in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via
a crafted file. (CVE-2017-14249)
- In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in
coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14324)
- In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in
magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in
coders/mpc.c) via a crafted file. (CVE-2017-14325)
- In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in
coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14326)
- ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion
via a crafted wpg image file. (CVE-2017-14341)
- ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted
wpg image file. (CVE-2017-14342)
- ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf
image file. (CVE-2017-14343)
- In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache
nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the
function GetVirtualPixels in MagickCore/cache.c) via a crafted file. (CVE-2017-14400)
- The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about
whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote
attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and
application crash) via a crafted file. (CVE-2017-14528)
- ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. (CVE-2017-14531)
- ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. (CVE-2017-14532)
- ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. (CVE-2017-14533)
- In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in
coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or
cause an application crash. (CVE-2017-14607)
- ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function
PostscriptDelegateMessage in coders/ps.c. (CVE-2017-14624)
- GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of
service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a
crafted SVG document, a different vulnerability than CVE-2017-10928. (CVE-2017-14682)
- The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles
failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer
Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
(CVE-2017-14739)
- The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause
a denial of service (infinite loop) via a crafted font file. (CVE-2017-14741)
- A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to
crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is
called at an incorrect place in the ImageMagick code. (CVE-2017-14989)
- ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in
coders/pdf.c. (CVE-2017-15015)
- ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
(CVE-2017-15016)
- ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
(CVE-2017-15017)
- ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2017-15032)
- ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. (CVE-2017-15033)
- ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. (CVE-2017-15217)
- ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. (CVE-2017-15218)
- ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette
uninitialized when processing a GIF file that has neither a global nor local palette. If the affected
product is used as a library loaded into a process that operates on interesting data, this data sometimes
can be leaked via the uninitialized palette. (CVE-2017-15277)
- ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted file, related to Conditional
jump or move depends on uninitialised value(s). (CVE-2017-15281)
- The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap
index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized
data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
(CVE-2017-16546)
- ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in
Magick++/lib/Image.cpp. (CVE-2017-17499)
- ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via
a crafted file, related to ReadOneMNGImage. (CVE-2017-17504)
- In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in
coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
(CVE-2017-17680)
- In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in
coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image
file. (CVE-2017-17681)
- In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in
coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image
file that triggers a ReadWPGImage call. (CVE-2017-17682)
- In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage
in coders/png.c, related to length calculation and caused by an off-by-one error. (CVE-2017-17879)
- In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage
in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. (CVE-2017-17880)
- In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in
coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
(CVE-2017-17881)
- In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in
coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
(CVE-2017-17882)
- In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in
coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
(CVE-2017-17884)
- In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in
coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
(CVE-2017-17885)
- In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in
coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
(CVE-2017-17886)
- In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in
magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is
processed by ReadOneMNGImage. (CVE-2017-17887)
- In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c,
which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image
file. (CVE-2017-17914)
- ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and
ProcessMSLScript, and associated with mishandling of MSLPushImage calls. (CVE-2017-17934)
- In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. (CVE-2017-18008)
- In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
(CVE-2017-18022)
- In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in
coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
(CVE-2017-18027)
- In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in
coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
(CVE-2017-18028)
- In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in
coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
(CVE-2017-18029)
- Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified
impact via a crafted file. (CVE-2017-5506)
- Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers
to cause a denial of service (memory consumption) via vectors involving a pixel cache. (CVE-2017-5507)
- Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before
7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
(CVE-2017-5508)
- coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file,
which triggers an out-of-bounds write. (CVE-2017-5509, CVE-2017-5510)
- coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper
cast, which triggers a heap-based buffer overflow. (CVE-2017-5511)
- The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote
attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per
pixel value in a CMYKA TIFF file. (CVE-2017-6335)
- An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer
dereference (thus, a DoS). (CVE-2017-6497)
- An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus
leading to DoS. (CVE-2017-6498)
- An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested
exception could lead to a memory leak (thus, a DoS). (CVE-2017-6499)
- An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer
over-read. (CVE-2017-6500)
- An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer
dereference. (CVE-2017-6501)
- An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-
descriptor leak in libmagickcore (thus, a DoS). (CVE-2017-6502)
- The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial
of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. (CVE-2017-7275)
- coders/rle.c in ImageMagick 7.0.5-4 has an outside the range of representable values of type unsigned
char undefined behavior issue, which might allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7606)
- In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of
the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI,
ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. (CVE-2017-7619)
- The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of
available memory via a crafted file. (CVE-2017-7941)
- The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of
available memory via a crafted file. (CVE-2017-7942)
- The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of
available memory via a crafted file. (CVE-2017-7943)
- In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8343)
- In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8344)
- In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8345)
- In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8346)
- In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8347)
- In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8348)
- In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8349)
- In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8350)
- In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8351)
- In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8352)
- In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8353)
- In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8354)
- In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8355)
- In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8356)
- In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-8357)
- The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability
which can cause memory exhaustion via a crafted ICON file. (CVE-2017-8765)
- In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of
service (memory leak) via a crafted file. (CVE-2017-8830)
- ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder,
allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote
attacks against ImageMagick code in a long-running server process that converts image data on behalf of
multiple users. This is caused by a missing initialization step in the ReadRLEImage function in
coders/rle.c. (CVE-2017-9098)
- In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the
ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage
function in coders/dds.c. (CVE-2017-9141)
- In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in
MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
(CVE-2017-9142)
- In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of
service (memory leak) via a crafted .art file. (CVE-2017-9143)
- In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in
coders/rle.c. (CVE-2017-9144)
- In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial
of service (memory leak) via a crafted file. (CVE-2017-9261)
- In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial
of service (memory leak) via a crafted file. (CVE-2017-9262)
- In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of
service (memory leak) via a crafted file. (CVE-2017-9405)
- In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-9407)
- In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service
(memory leak) via a crafted file. (CVE-2017-9409)
- In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows
attackers to cause a denial of service via a crafted file. (CVE-2017-9439)
- In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which
allows attackers to cause a denial of service via a crafted file. (CVE-2017-9440)
- In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes,
which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9499)
- In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator,
which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9500)
- In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows
attackers to cause a denial of service via a crafted file. (CVE-2017-9501)
- ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an
XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process
that includes sensitive information, that information sometimes can be leaked via the image data.
(CVE-2018-16323)
- In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
(CVE-2018-5246)
- In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. (CVE-2018-5247)
- ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. (CVE-2018-5357)
- In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and
bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a
memory leak. This allows remote attackers to cause a denial of service. (CVE-2018-6405)
- The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other
products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a
crafted bmp image. (CVE-2018-6876)
- A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of
ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a
maliciously crafted pict file. (CVE-2018-6930)
- The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the
amount of image data in a file, which allows remote attackers to cause a denial of service (memory
allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). (CVE-2018-7443)
- An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c
allows attackers to cause a denial of service (segmentation violation) via a crafted file. (CVE-2018-7470)
- LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading
to a SIGSEGV. (CVE-2019-10714)
- A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a
subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was
called. This could occur if an attacker is able to submit a malicious image file to be processed by
ImageMagick and could lead to denial of service. It likely would not lead to anything further because the
memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior
to 7.0.9-0. (CVE-2020-25663)
- In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and
memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is
called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially
crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick
versions prior to 6.9.10-68 and 7.0.8-68. (CVE-2020-25664)
- The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine
WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the
routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause
impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-25665)
- There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible
during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch
uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application
reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick
versions prior to 7.0.9-0. (CVE-2020-25666)
- TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it
searches for `dc:format=\image/dng\` within `profile` due to improper string handling, when a crafted
input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to
remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick
versions prior to 7.0.9-0. (CVE-2020-25667)
- WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that
can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the
colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass
invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to
MagickMin() to ensure the proper value is used. This could impact application availability when a
specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to
7.0.8-68. (CVE-2020-25674)
- In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations
performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow
and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative
impact to application availability or other problems related to undefined behavior, in cases where
ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the
pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
(CVE-2020-25675)
- In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and
InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained
pixel offset calculations which were being used with the floor() function. These calculations produced
undefined behavior in the form of out-of-range and integer overflows, as identified by
UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is
able to supply a crafted input file to be processed by ImageMagick. These issues could impact application
availability or potentially cause other problems related to undefined behavior. This flaw affects
ImageMagick versions prior to 7.0.9-0. (CVE-2020-25676)
- ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may
cause a denial of service. (CVE-2020-27560)
- A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker
who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form
of values outside the range of type `unsigned char` and math division by zero. This would most likely lead
to an impact to application availability, but could potentially cause other problems related to undefined
behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27750)
- A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file
that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range
of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would
most likely lead to an impact to application availability, but could potentially cause other problems
related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27751)
- A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file
that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an
impact to application availability, but could potentially lead to an impact to data integrity as well.
This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27752)
- There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values,
which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact
to application availability or cause a denial of service. It was originally reported that the issues were
in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves
issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This
flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27753)
- In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return
overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the
patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be
within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to
6.9.10-69 and 7.0.8-69. (CVE-2020-27754)
- in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because
the code which checks for the proper image depth size does not reset the size in the event there is an
invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak
can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to
application reliability, such as denial of service. This flaw affects ImageMagick versions prior to
7.0.9-0. (CVE-2020-27755)
- In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-
by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input
file processed by ImageMagick and could impact application availability. The patch uses multiplication in
addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions.
This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27756)
- A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to
undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be
triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat
Product Security marked this as Low because although it could potentially lead to an impact to application
availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to
7.0.8-68. (CVE-2020-27757)
- A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed
by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned
long long`. This would most likely lead to an impact to application availability, but could potentially
cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
7.0.8-68. (CVE-2020-27758)
- In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned,
which in some cases caused a value outside the range of type `int` to be returned. The flaw could be
triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product
Security marked this as Low severity because although it could potentially lead to an impact to
application availability, no specific impact was shown in this case. This flaw affects ImageMagick
versions prior to 7.0.8-68. (CVE-2020-27759)
- In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a
divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an
impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-
zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
(CVE-2020-27760)
- WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to
values outside the range of representable type `unsigned long` undefined behavior when a crafted input
file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat
Product Security marked the Severity as Low because although it could potentially lead to an impact to
application availability, no specific impact was shown in this case. This flaw affects ImageMagick
versions prior to ImageMagick 7.0.9-0. (CVE-2020-27761)
- A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed
by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned
char`. This would most likely lead to an impact to application availability, but could potentially cause
other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick
7.0.8-68. (CVE-2020-27762)
- A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would
most likely lead to an impact to application availability, but could potentially cause other problems
related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27763)
- In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should
have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input
file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it
could potentially lead to an impact to application availability, no specific impact was shown in this
case. This flaw affects ImageMagick versions prior to 6.9.10-69. (CVE-2020-27764)
- A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would
most likely lead to an impact to application availability, but could potentially cause other problems
related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27765)
- A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type
`unsigned long`. This would most likely lead to an impact to application availability, but could
potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions
prior to 7.0.8-69. (CVE-2020-27766)
- A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types
`float` and `unsigned char`. This would most likely lead to an impact to application availability, but
could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick
versions prior to 7.0.9-0. (CVE-2020-27767)
- In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at
MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27768)
- In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type
'float' at MagickCore/quantize.c. (CVE-2020-27769)
- Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in
SubstituteString(), causing potential impact to application availability. This could be triggered by a
crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to
7.0.8-68. (CVE-2020-27770)
- In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could
result in values outside the range of representable for the unsigned char type. The patch casts the return
value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered
when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity
because although it could potentially lead to an impact to application availability, no specific impact
was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27771)
- A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed
by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned
int`. This would most likely lead to an impact to application availability, but could potentially cause
other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
(CVE-2020-27772)
- A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that
is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of
type `unsigned char` or division by zero. This would most likely lead to an impact to application
availability, but could potentially cause other problems related to undefined behavior. This flaw affects
ImageMagick versions prior to 7.0.9-0. (CVE-2020-27773)
- A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type
`ssize_t`. This would most likely lead to an impact to application availability, but could potentially
cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
7.0.9-0. (CVE-2020-27774)
- A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type
unsigned char. This would most likely lead to an impact to application availability, but could potentially
cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
7.0.9-0. (CVE-2020-27775)
- A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type
unsigned long. This would most likely lead to an impact to application availability, but could potentially
cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
7.0.9-0. (CVE-2020-27776)
- A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in
ImageMagick before 7.0.10-45. (CVE-2020-27829)
- A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an
attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through
a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)
- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
by its CNA. Further investigation showed that it was not a security issue. Notes: none (CVE-2021-20189)
- An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in
MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of
representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to
an undefined behaviour or a crash. (CVE-2021-20224)
- A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed
by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat
from this vulnerability is to system availability. (CVE-2021-20241)
- A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The
highest threat from this vulnerability is to system availability. (CVE-2021-20243)
- A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file
that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
The highest threat from this vulnerability is to system availability. (CVE-2021-20244)
- A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed
by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat
from this vulnerability is to system availability. (CVE-2021-20245)
- A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is
processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The
highest threat from this vulnerability is to system availability. (CVE-2021-20246)
- A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz()
of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is
to system availability. (CVE-2021-20310)
- A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in
sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image
file that is submitted by an attacker processed by an application using ImageMagick. The highest threat
from this vulnerability is to system availability. (CVE-2021-20311)
- A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of
coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an
attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is
to system availability. (CVE-2021-20312)
- ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you
may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and
in certain cases, Postscript files could be read and written when specifically excluded by a `module`
policy in `policy.xml`. ex. <policy domain=module rights=none pattern=PS />. The issue has been
resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module`
policy and instead use the `coder` policy that is also our workaround recommendation: <policy
domain=coder rights=none pattern={PS,EPI,EPS,EPSF,EPSI} />. (CVE-2021-39212)
- A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads
to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)
- In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in
MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This
was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)
- A vulnerability was found in ImageMagick, causing an outside the range of representable values of type
'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative
impact to application availability or other problems related to undefined behavior. (CVE-2022-32545)
- A vulnerability was found in ImageMagick, causing an outside the range of representable values of type
'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative
impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)
- In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and
for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted
input is processed by ImageMagick, this causes a negative impact to application availability or other
problems related to undefined behavior. (CVE-2022-32547)
- ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),
the convert process could be left waiting for stdin input. (CVE-2022-44267)
- ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for
resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary
has permissions to read it). (CVE-2022-44268)
- A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of
service via the identify -help command. (CVE-2022-48541)
- A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a
segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to
a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When
ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file
contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of
size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will
generate about 10G. (CVE-2023-1289)
- A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting
double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)
- A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow
a local attacker to trick the user into opening a specially crafted file, resulting in an application
crash and denial of service. (CVE-2023-3428)
- A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-
private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file,
triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of
service. (CVE-2023-3745)
- ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in
Magick::Draw. (CVE-2023-39978)
- A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16329");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'ImageMagick', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'ImageMagick'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ImageMagick');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10069
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6491
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7520
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7522
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7906
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9556
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9559
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11170
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11360
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11540
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11639
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11724
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12432
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12434
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12691
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12692
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13062
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13131
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14137
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14172
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14173
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14174
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14175
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14248
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14249
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14324
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14325
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14326
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14400
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14624
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14739
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15217
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15277
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17680
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17681
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17682
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17880
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17884
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17887
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17914
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7275
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8344
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8346
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8347
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8350
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8354
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8355
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9142
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9143
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9144
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9262
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9440
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16329
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5247
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5357
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10714
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27560
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27765
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27766
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27768
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27770
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27775
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27829
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20244
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20245
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20246
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20311
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4219
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2719
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32547
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34151
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5341