Imagemagick

Imagemagick

740 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2017-17885

  • EPSS 0.3%
  • Veröffentlicht 27.12.2017 17:08:21
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.

6.5

CVE-2017-17886

  • EPSS 0.45%
  • Veröffentlicht 27.12.2017 17:08:21
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.

6.5

CVE-2017-17887

  • EPSS 0.45%
  • Veröffentlicht 27.12.2017 17:08:21
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.

6.5

CVE-2017-17680

Exploit
  • EPSS 0.47%
  • Veröffentlicht 14.12.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.

7.1

CVE-2017-17681

Exploit
  • EPSS 0.46%
  • Veröffentlicht 14.12.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

7.1

CVE-2017-17682

Exploit
  • EPSS 1.71%
  • Veröffentlicht 14.12.2017 06:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.

9.8

CVE-2017-17499

  • EPSS 2.03%
  • Veröffentlicht 11.12.2017 02:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.

6.5

CVE-2017-17504

Exploit
  • EPSS 0.98%
  • Veröffentlicht 11.12.2017 02:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

8.8

CVE-2017-16546

  • EPSS 0.32%
  • Veröffentlicht 05.11.2017 22:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or po...

6.5

CVE-2017-15277

Exploit
  • EPSS 59.29%
  • Veröffentlicht 12.10.2017 08:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process ...