Imagemagick: >> Imagemagick >> 7.0.1-8 Security Vulnerabilities
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-11-11
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-10-14
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-14
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-10-14
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-08-12
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-08-12
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-07-09
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-07-01
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVSS Score
8.8
EPSS Score
0.026
Published
2019-07-01