imagemagick

Description: An image viewing/manipulation program
Version: 7.1.1.29-2 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2575 | 7.1.0.13-1 | 7.1.0.14-1 | Medium | Fixed | |
| AVG-2378 | 7.1.0.6-1 | 7.1.0.7-1 | Medium | Fixed | |
| AVG-2104 | 7.1.0.17-1 | | Low | Not affected | |
| AVG-2085 | 7.0.11.13-3 | 7.0.11.14-1 | Medium | Fixed | |
| AVG-1579 | 7.0.10.61-1 | 7.0.10.62-1 | Medium | Fixed | |
| AVG-1490 | 7.0.10.56-1 | 7.0.10.57-1 | Low | Fixed | |
| AVG-1181 | 7.0.10.18-1 | 7.0.10.20-1 | Medium | Fixed | |
| AVG-939 | 7.0.5.1-1 | 7.0.5.2-1 | High | Fixed | |
| AVG-931 | 7.0.8.34-1 | 7.0.8.35-1 | Critical | Fixed | |
| AVG-499 | 6.9.9.10-1 | 6.9.9.11-1 | Medium | Fixed | |
| AVG-497 | 6.9.9.3-1 | 6.9.9.7-1 | Medium | Fixed | |
| AVG-354 | 6.9.8.8-2 | 6.9.8.9-1 | Low | Fixed | |
| AVG-210 | 6.9.2.0-1 | 6.9.2.4-1 | Low | Not affected | |
| AVG-40 | 6.9.5.10-1 | 6.9.6.0-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-39212 | AVG-2378 | Medium | No | Access restriction bypass | In ImageMagick before version 7.1.0-7, Postscript files could be read and written in certain cases when specifically excluded by a `module` policy in `policy.xml`. |
| CVE-2021-34183 | AVG-2104 | Low | Yes | Denial of service | ImageMagick 7.0.11-14 has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c. |
| CVE-2021-20246 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-20245 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior... |
| CVE-2021-20244 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger... |
| CVE-2021-20243 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-20242 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-20241 | AVG-1579 | Medium | No | Denial of service | A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in... |
| CVE-2021-20189 | AVG-1490 | Low | No | Incorrect calculation | A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined... |
| CVE-2021-3962 | AVG-2575 | Medium | Yes | Insufficient validation | A security issue was found in ImageMagick before version 7.1.0-14 where it did not properly sanitize certain input before using it to invoke convert... |
| CVE-2021-3610 | AVG-2085 | Medium | Yes | Arbitrary code execution | A heap-based buffer overflow vulnerability was found in ImageMagick in ReadTIFFImage() in coders/tiff.c because of an incorrect setting of the pixel array... |
| CVE-2020-13902 | AVG-1181 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in the TIFF image decoding part of imagemagick <= 7.0.10-17, in BlobToStringInfo in MagickCore/string.c. |
| CVE-2019-9956 | AVG-931 | Critical | Yes | Arbitrary code execution | A stack-based buffer overflow has been found in ImageMagick before 7.0.8-35, in the WritePSImage() function. |
| CVE-2017-14505 | AVG-499 | Medium | Yes | Denial of service | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 6.9.9-10 mishandles certain NULL arrays, which allows attackers to perform Denial of Service... |
| CVE-2017-13134 | AVG-497 | Medium | Yes | Denial of service | In ImageMagick 6.9.9.1, 7.0.6.7 and GraphicsMagick before 1.3.27, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which... |
| CVE-2017-11352 | AVG-354 | Low | Yes | Denial of service | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. This is caused by an incomplete... |
| CVE-2017-9098 | AVG-939 | High | Yes | Information disclosure | Chris Evans discovered that ImageMagick uses uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory... |
| CVE-2016-10252 | AVG-210 | Low | No | Denial of service | Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers... |
| CVE-2016-7906 | AVG-40 | High | Yes | Arbitrary code execution | An attacker is able to trigger a use-after-free when providing a crafted image to ImageMagick's mogrify function. |
| CVE-2016-7799 | AVG-40 | Medium | Yes | Denial of service | A buffer over-read vulnerability was found in ImageMagick. A malicious file could cause the application to crash. |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 28 Jun 2020 | ASA-202006-14 | AVG-1181 | Medium | information disclosure |
| 28 Mar 2019 | ASA-201903-15 | AVG-931 | Critical | arbitrary code execution |
| 08 Oct 2016 | ASA-201610-6 | AVG-40 | High | multiple issues |