Shodan
Vulnerabilities
Vulnerable Software
Imagemagick:  >> Imagemagick  >> 5.4.8  Security Vulnerabilities
CVE-2016-4562
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS Score
8.8
EPSS Score
0.01
Published
2016-06-04
CVE-2016-3718
Known exploited
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVSS Score
5.5
EPSS Score
0.873
Published
2016-05-05
CVE-2016-3717
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVSS Score
5.5
EPSS Score
0.242
Published
2016-05-05
CVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVSS Score
3.3
EPSS Score
0.213
Published
2016-05-05
CVE-2016-3715
Known exploited
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVSS Score
5.5
EPSS Score
0.89
Published
2016-05-05
CVE-2016-3714
Known exploited
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS Score
8.4
EPSS Score
0.939
Published
2016-05-05
CVE-2013-4298
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
CVSS Score
4.3
EPSS Score
0.009
Published
2013-09-10
CVE-2012-1610
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.
CVSS Score
7.5
EPSS Score
0.07
Published
2012-06-05
CVE-2012-1798
The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVSS Score
6.5
EPSS Score
0.014
Published
2012-06-05
CVE-2012-1185
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
CVSS Score
7.8
EPSS Score
0.013
Published
2012-06-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved