Shodan
Vulnerabilities
Vulnerable Software
Imagemagick:  >> Imagemagick  >> 5.4.2.3  Security Vulnerabilities
CVE-2016-8866
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-02-15
CVE-2016-8862
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-02-15
CVE-2016-9298
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-01-27
CVE-2016-6823
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-01-18
CVE-2016-7101
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-01-18
CVE-2016-7799
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS Score
6.5
EPSS Score
0.013
Published
2017-01-18
CVE-2016-6491
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
CVSS Score
8.8
EPSS Score
0.012
Published
2016-12-13
CVE-2016-5842
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVSS Score
7.5
EPSS Score
0.007
Published
2016-12-13
CVE-2016-5841
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVSS Score
9.8
EPSS Score
0.23
Published
2016-12-13
CVE-2016-5691
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVSS Score
9.8
EPSS Score
0.029
Published
2016-12-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved