CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41817 – Arbitrary Code Execution in `AppImage` version `ImageMagick`
https://notcve.org/view.php?id=CVE-2024-41817
29 Jul 2024 — ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5341 – Imagemagick: heap use-after-free in coders/bmp.c
https://notcve.org/view.php?id=CVE-2023-5341
19 Nov 2023 — A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Se encontró una falla de heap-use-after-free en coders/bmp.c en ImageMagick. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • https://access.redhat.com/security/cve/CVE-2023-5341 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40211 – ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS
https://notcve.org/view.php?id=CVE-2021-40211
22 Aug 2023 — An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. Se ha descubierto un problema con ImageMagick 7.1.0-4 a través de la división por cero en la función ReadEnhMetaFile de coders/emf.c. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include a denial of service vulnerability. • https://github.com/ImageMagick/ImageMagick/issues/4097 • CWE-369: Divide By Zero •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-48541 – Ubuntu Security Notice USN-6393-1
https://notcve.org/view.php?id=CVE-2022-48541
22 Aug 2023 — A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Una pérdida de memoria en ImageMagick 7.0.10-45 y 6.9.11-22 permite a atacantes remotos realizar una denegación de servicio mediante el comando "identify -help". It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. • https://github.com/ImageMagick/ImageMagick/issues/2889 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3745 – Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h
https://notcve.org/view.php?id=CVE-2023-3745
24 Jul 2023 — A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3745 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3428 – Imagemagick: heap-buffer-overflow in coders/tiff.c
https://notcve.org/view.php?id=CVE-2023-3428
04 Jul 2023 — A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. Se encontró una vulnerabilidad de desbordamiento del búfer en coders/tiff.c en ImageMagick. Este problema puede permitir que un atacante local engañe al usuario para que abra un archivo especialmente manipulado, lo que provocará un bloqueo de la aplicación y una denegación ... • https://access.redhat.com/security/cve/CVE-2023-3428 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34474
https://notcve.org/view.php?id=CVE-2023-34474
16 Jun 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34474 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34475
https://notcve.org/view.php?id=CVE-2023-34475
16 Jun 2023 — A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34475 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-3195 – Ubuntu Security Notice USN-6200-2
https://notcve.org/view.php?id=CVE-2023-3195
16 Jun 2023 — A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20... • https://access.redhat.com/security/cve/CVE-2023-3195 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2157 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-2157
06 Jun 2023 — A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=2208537 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •