The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-15017 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | HIGH | Oct 4, 2017 |
| CVE-2017-15016 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | HIGH | Oct 4, 2017 |
| CVE-2017-15015 | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | HIGH | Oct 4, 2017 |
| CVE-2017-14532 | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | High | Sep 20, 2017 |
| CVE-2017-14531 | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | High | Sep 20, 2017 |
| CVE-2017-14249 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14343 | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14533 | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | Medium | Sep 20, 2017 |
| CVE-2017-14342 | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14341 | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | HIGH | Sep 12, 2017 |
| CVE-2017-12418 | ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. | Medium | Aug 4, 2017 |
| CVE-2017-14138 | ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | High | Sep 6, 2017 |
| CVE-2017-12665 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. | Medium | Aug 8, 2017 |
| CVE-2017-12662 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. | Medium | Aug 8, 2017 |
| CVE-2017-12668 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | Medium | Aug 8, 2017 |
| CVE-2017-12664 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. | Medium | Aug 8, 2017 |
| CVE-2017-14139 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. | Medium | Sep 6, 2017 |
| CVE-2017-12663 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. | Medium | Aug 8, 2017 |
| CVE-2017-12666 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. | Medium | Aug 8, 2017 |
| CVE-2017-12669 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. | Medium | Aug 8, 2017 |
| CVE-2017-12640 | ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. | Medium | Aug 8, 2017 |
| CVE-2017-12641 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\\png.c. | Medium | Aug 8, 2017 |
| CVE-2017-12642 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\\mpc.c. | Medium | Aug 8, 2017 |
| CVE-2017-12667 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\\mat.c. | Medium | Aug 8, 2017 |
| CVE-2017-12644 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\\dcm.c. | Medium | Aug 9, 2017 |
| CVE-2017-12643 | ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\\png.c. | High | Aug 8, 2017 |
| CVE-2017-12587 | ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\\pwp.c. | Medium | Aug 8, 2017 |
| CVE-2020-27560 | ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | MEDIUM | Oct 22, 2020 |
| CVE-2015-8901 | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | Medium | Feb 28, 2017 |
| CVE-2014-9851 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | Medium | Mar 22, 2017 |
| CVE-2014-8561 | imagemagick 6.8.9.6 has remote DOS via infinite loop | MEDIUM | Dec 15, 2019 |
| CVE-2014-9836 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | Medium | Mar 24, 2017 |
| CVE-2014-9840 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | Medium | Mar 24, 2017 |
| CVE-2012-0247 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. | High | Jun 15, 2012 |
| CVE-2012-0248 | ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. | Medium | Jun 6, 2012 |
| CVE-2018-1000172 | Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45. | LOW | Apr 30, 2018 |
| CVE-2011-0215 | ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | High | Jul 22, 2011 |
| CVE-2010-0042 | ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html \'ImageIO CVE-ID: CVE-2010-0042 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may result in sending data from Safari\'s memory to the website Description: An uninitialized memory access issue exists in ImageIO\'s handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari\'s memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew \'j00ru\' Jurczyk of Hispasec for reporting this issue.\' | Medium | Mar 15, 2010 |
| CVE-2010-0041 | ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html ImageIO CVE-ID: CVE-2010-0041 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may result in sending data from Safari\'s memory to the website Description: An uninitialized memory access issue exists in ImageIO\'s handling of BMP images. Visiting a maliciously crafted website may result in sending data from Safari\'s memory to the website. This issue is addressed through improved memory handling and additional validation of BMP images. Credit to Matthew \'j00ru\' Jurczyk of Hispasec for reporting this issue. | Medium | Mar 15, 2010 |
| CVE-2010-0043 | ImageIO in Apple Safari before 4.0.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html \'ImageIO CVE-ID: CVE-2010-0043 Available for: Windows 7, Vista, XP Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in the handling of TIFF images. Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling. Credit to Gus Mueller of Flying Meat for reporting this issue.\' | High | Mar 15, 2010 |
| CVE-2016-4629 | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. | HIGH | Jul 21, 2016 |
| CVE-2016-4630 | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression. | MEDIUM | Jul 21, 2016 |
| CVE-2015-5938 | ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. | Medium | Oct 26, 2015 |
| CVE-2015-1139 | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | Medium | Apr 14, 2015 |
| CVE-2010-0543 | ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. | Medium | Jun 17, 2010 |
| CVE-2010-1845 | ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. | Medium | Nov 17, 2010 |
| CVE-2009-2809 | ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to multiple memory corruption issues. | Medium | Sep 15, 2009 |
| CVE-2008-2332 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. | High | Oct 1, 2008 |
| CVE-2008-3608 | ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. | High | Oct 1, 2008 |
| CVE-2008-1586 | ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. | High | Nov 26, 2008 |
