Shodan
Vulnerabilities
Vulnerable Software
Imagemagick:  >> Imagemagick  >> 7.0.3-8  Security Vulnerabilities
CVE-2017-11449
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-07-19
CVE-2017-11450
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-07-19
CVE-2017-11352
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
CVSS Score
6.5
EPSS Score
0.01
Published
2017-07-17
CVE-2017-9098
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
CVSS Score
7.5
EPSS Score
0.015
Published
2017-05-19
CVE-2017-5507
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVSS Score
7.5
EPSS Score
0.114
Published
2017-03-24
CVE-2017-5508
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-24
CVE-2017-5509
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-03-24
CVE-2017-5510
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-03-24
CVE-2017-5511
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-03-24
CVE-2017-5506
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved