Shodan
Vulnerabilities
Vulnerable Software
Imagemagick:  Security Vulnerabilities
CVE-2017-14175
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-09-07
CVE-2017-14137
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-04
CVE-2017-14138
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-04
CVE-2017-14139
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-09-04
CVE-2017-12691
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-09-01
CVE-2017-12692
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-09-01
CVE-2017-12693
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-09-01
CVE-2017-14060
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-08-31
CVE-2017-13768
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
CVSS Score
6.5
EPSS Score
0.009
Published
2017-08-30
CVE-2017-13769
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved