
CVE-2023-34474
https://notcve.org/view.php?id=CVE-2023-34474
16 Jun 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34474 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-34475
https://notcve.org/view.php?id=CVE-2023-34475
16 Jun 2023 — A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34475 • CWE-416: Use After Free •

CVE-2023-3195 – Ubuntu Security Notice USN-6200-2
https://notcve.org/view.php?id=CVE-2023-3195
16 Jun 2023 — A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20... • https://access.redhat.com/security/cve/CVE-2023-3195 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-2157 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-2157
06 Jun 2023 — A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=2208537 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-34152
https://notcve.org/view.php?id=CVE-2023-34152
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. • https://github.com/SudoIndividual/CVE-2023-34152 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-34151 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-34151
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-34151 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-34153 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-34153
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://access.redhat.com/security/cve/CVE-2023-34153 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-1906 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1906
12 Apr 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arb... • https://access.redhat.com/security/cve/CVE-2023-1906 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-1289 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1289
23 Mar 2023 — A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG... • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 • CWE-20: Improper Input Validation •

CVE-2022-44267 – ImageMagick 7.1.0-49 - DoS
https://notcve.org/view.php?id=CVE-2022-44267
06 Feb 2023 — ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. • https://www.exploit-db.com/exploits/51256 • CWE-404: Improper Resource Shutdown or Release •