| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-39212 | AVG-2378 | Medium | No | Access restriction bypass | In ImageMagick before version 7.1.0-7, Postscript files could be read and written in certain cases when specifically excluded by a `module` policy in `policy.xml`. |
| CVE-2021-34183 | AVG-2104 | Low | Yes | Denial of service | ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. |
| CVE-2021-20246 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-20245 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior... |
| CVE-2021-20244 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger... |
| CVE-2021-20243 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-20242 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-20241 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in... |
| CVE-2021-20189 | AVG-1490 | Low | No | Incorrect calculation | A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-3962 | AVG-2575 | Medium | Yes | Insufficient validation | A security issue was found in ImageMagick before version 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert... |
| CVE-2021-3610 | AVG-2085 | Medium | Yes | Arbitrary code execution | A heap-based buffer overflow vulnerability was found in ImageMagick in ReadTIFFImage() in coders/tiff.c because of an incorrect setting of the pixel array... |
| CVE-2020-13902 | AVG-1181 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in the TIFF image decoding part of ImageMagick <= 7.0.10-17, in BlobToStringInfo in MagickCore/string.c. |
| CVE-2019-9956 | AVG-931 | Critical | Yes | Arbitrary code execution | A stack-based buffer overflow has been found in ImageMagick before 7.0.8-35, in the WritePSImage() function. |
| CVE-2017-14505 | AVG-499 | Medium | Yes | Denial of service | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 6.9.9-10 mishandles certain NULL arrays, which allows attackers to perform Denial of Service... |
| CVE-2017-13134 | AVG-497 | Medium | Yes | Denial of service | In ImageMagick 6.9.9.1, 7.0.6.7 and GraphicsMagick before 1.3.27, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which... |
| CVE-2017-11352 | AVG-354 | Low | Yes | Denial of service | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. This is caused by an incomplete... |
| CVE-2017-9098 | AVG-939 | High | Yes | Information disclosure | Chris Evans discovered that ImageMagick uses uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory... |
| CVE-2016-10252 | AVG-210 | Low | No | Denial of service | Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers... |
| CVE-2016-7906 | AVG-40 | High | Yes | Arbitrary code execution | An attacker is able to trigger a use-after-free when providing a crafted image to ImageMagick's mogrify function. |
| CVE-2016-7799 | AVG-40 | Medium | Yes | Denial of service | A buffer over-read vulnerability was found in ImageMagick. A malicious file could cause the application to crash. |