Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An image viewing/manipulation program
Version [extra]


Group Affected Fixed Severity Status Ticket
AVG-1181 Medium Fixed
AVG-939 High Fixed
AVG-931 Critical Fixed
AVG-499 Medium Fixed
AVG-497 Medium Fixed
AVG-354 Low Fixed
AVG-210 Low Not affected
AVG-40 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-13902 AVG-1181 Medium Yes Information disclosure
An out-of-bounds read has been found in the TIFF image decoding part of imagemagick <= 7.0.10-17, in BlobToStringInfo in MagickCore/string.c.
CVE-2019-9956 AVG-931 Critical Yes Arbitrary code execution
A stack-based buffer overflow has been found in ImageMagick before 7.0.8-35, in the WritePSImage() function.
CVE-2017-14505 AVG-499 Medium Yes Denial of service
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 6.9.9-10 mishandles certain NULL arrays, which allows attackers to perform Denial of Service...
CVE-2017-13134 AVG-497 Medium Yes Denial of service
In ImageMagick, and GraphicsMagick before 1.3.27, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which...
CVE-2017-11352 AVG-354 Low Yes Denial of service
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. This is caused by an incomplete...
CVE-2017-9098 AVG-939 High Yes Information disclosure
Chris Evans discovered that ImageMagick uses unitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory...
CVE-2016-10252 AVG-210 Low No Denial of service
Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers...
CVE-2016-7906 AVG-40 High Yes Arbitrary code execution
An attacker is able to trigger a use-after-free when providing a crafted image to ImageMagick's mogrify function.
CVE-2016-7799 AVG-40 Medium Yes Denial of service
A buffer over-read vulnerability was found in ImageMagick. A malicious file could cause the application to crash.


Date Advisory Group Severity Description
28 Jun 2020 ASA-202006-14 AVG-1181 Medium information disclosure
28 Mar 2019 ASA-201903-15 AVG-931 Critical arbitrary code execution
08 Oct 2016 ASA-201610-6 AVG-40 High multiple issues