Imagemagick

Imagemagick

793 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.83%
  • Veröffentlicht 08.12.2020 22:15:18
  • Zuletzt bearbeitet 21.11.2024 05:21:46

In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could im...

Exploit
  • EPSS 1.07%
  • Veröffentlicht 08.12.2020 22:15:18
  • Zuletzt bearbeitet 21.11.2024 05:21:46

A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under ...

Exploit
  • EPSS 1.12%
  • Veröffentlicht 08.12.2020 22:15:18
  • Zuletzt bearbeitet 21.11.2024 05:21:46

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lea...

Exploit
  • EPSS 1.02%
  • Veröffentlicht 08.12.2020 22:15:17
  • Zuletzt bearbeitet 21.11.2024 05:18:25

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values ...

Exploit
  • EPSS 1.07%
  • Veröffentlicht 08.12.2020 22:15:17
  • Zuletzt bearbeitet 21.11.2024 05:18:26

In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by Undefin...

Exploit
  • EPSS 1.17%
  • Veröffentlicht 08.12.2020 22:15:17
  • Zuletzt bearbeitet 21.11.2024 05:18:26

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being use...

Exploit
  • EPSS 0.98%
  • Veröffentlicht 08.12.2020 22:15:17
  • Zuletzt bearbeitet 21.11.2024 05:21:45

A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `uns...

Exploit
  • EPSS 1.11%
  • Veröffentlicht 08.12.2020 22:15:17
  • Zuletzt bearbeitet 21.11.2024 05:21:45

A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a...

Exploit
  • EPSS 1.1%
  • Veröffentlicht 08.12.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:23

A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able ...

Exploit
  • EPSS 0.71%
  • Veröffentlicht 08.12.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:23

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by add...