CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 3CVE-2023-34152
https://notcve.org/view.php?id=CVE-2023-34152
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. • https://github.com/SudoIndividual/CVE-2023-34152 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34151 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-34151
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-34151 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1906 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1906
12 Apr 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arb... • https://access.redhat.com/security/cve/CVE-2023-1906 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1289 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1289
23 Mar 2023 — A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG... • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3213 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-3213
19 Sep 2022 — A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Se ha encontrado un problema de desbordamiento del búfer de la pila en ImageMagick. Cuando una aplicación procesa un archivo TIFF malformado, puede conllevar a un comportamiento indefinido o un bloqueo que cause una denegación de servicio Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead... • https://access.redhat.com/security/cve/CVE-2022-3213 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1115 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2022-1115
29 Aug 2022 — A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. Se ha encontrado un fallo de desbordamiento del búfer de la pila en la función PushShortPixel() de ImageMagick del archivo quantum-private.h. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de imagen TIFF especial... • https://access.redhat.com/security/cve/CVE-2022-1115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0284 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-0284
29 Aug 2022 — A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. Se ha encontrado un fallo de lectura excesiva del búfer en la región heap de la memoria en la función GetPixelAlpha() del archivo "pixel-accessor.h" de ImageMagick. ... • https://access.redhat.com/security/cve/CVE-2022-0284 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20224 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20224
25 Aug 2022 — An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. Se ha detectado un problema de desbordamiento de enteros en la función ExportIndexQuantum() de ImageMagick en el archivo MagickCore/quantum-export.c. Las llamadas a la funció... • https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2719 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-2719
09 Aug 2022 — In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. En ImageMagick, un archivo diseñado podría desencadenar un fallo de aserción cuando es realizada una llamada a la función WriteImages en el archivo MagickWand/operation.c, debido a una lista de imágenes NULL. Esto podría causar una denegación de serv... • https://bugzilla.redhat.com/show_bug.cgi?id=2116537 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32547 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-32547
16 Jun 2022 — In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. En ImageMagick, se presenta una carga de dirección alineada inapropiadamente para el tipo "double", que requiere una alineación de 8 bytes, y para el tipo "f... • https://bugzilla.redhat.com/show_bug.cgi?id=2091813 • CWE-704: Incorrect Type Conversion or Cast •