Shodan
Vulnerabilities
Vulnerable Software
Imagemagick:  Security Vulnerabilities
CVE-2017-14224
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
CVSS Score
8.8
EPSS Score
0.017
Published
2017-09-09
CVE-2017-14172
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-09-07
CVE-2017-14173
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
CVSS Score
6.5
EPSS Score
0.014
Published
2017-09-07
CVE-2017-14174
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-09-07
CVE-2017-14175
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-09-07
CVE-2017-14137
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-04
CVE-2017-14138
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-04
CVE-2017-14139
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-09-04
CVE-2017-12691
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-09-01
CVE-2017-12692
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-09-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved