CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34153 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-34153
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://access.redhat.com/security/cve/CVE-2023-34153 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1906 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1906
12 Apr 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arb... • https://access.redhat.com/security/cve/CVE-2023-1906 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1289 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1289
23 Mar 2023 — A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG... • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 16%CPEs: 1EXPL: 2CVE-2022-44267 – ImageMagick 7.1.0-49 - DoS
https://notcve.org/view.php?id=CVE-2022-44267
06 Feb 2023 — ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. • https://www.exploit-db.com/exploits/51256 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 88%CPEs: 1EXPL: 28CVE-2022-44268 – ImageMagick 7.1.0-49 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2022-44268
06 Feb 2023 — ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://packetstorm.news/files/id/171727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28463 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-28463
08 May 2022 — ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ImageMagick versión 7.1.0-27, es vulnerable a un desbordamiento del búfer It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagi... • https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3962
https://notcve.org/view.php?id=CVE-2021-3962
19 Nov 2021 — A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo en ImageMagick que no sanea correctamente ciertas entradas antes de utilizarlas para invocar procesos de conve... • https://bugzilla.redhat.com/show_bug.cgi?id=2023196 • CWE-416: Use After Free •