Shodan
Vulnerabilities
Vulnerable Software
Imagemagick:  >> Imagemagick  >> 6.9.12-67  Security Vulnerabilities
CVE-2020-25663
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-12-08
CVE-2019-17547
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-10-14
CVE-2019-13136
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-07-01
CVE-2018-16328
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-09-01
CVE-2018-16329
In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-01
CVE-2017-11447
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-07-19
CVE-2016-7514
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS Score
6.5
EPSS Score
0.011
Published
2017-04-20
CVE-2016-7531
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
CVSS Score
6.5
EPSS Score
0.009
Published
2017-04-19
CVE-2017-5506
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-03-24
CVE-2016-10062
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved