CVSS: 4.3EPSS: 44%CPEs: 19EXPL: 2CVE-2016-3716 – ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3716
05 May 2016 — The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. El codificador MSL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos mover archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 42%CPEs: 19EXPL: 1CVE-2016-3717 – ImageMagick 7.0.1-0 / 6.9.3-9 - 'ImageTragick ' Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3717
05 May 2016 — The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. El codificador LABEL en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permite a atacantes remotos leer archivos arbitrarios a través de una imagen manipulada. It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A rem... • https://www.exploit-db.com/exploits/39767 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 90%CPEs: 84EXPL: 1CVE-2016-3718 – ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2016-3718
05 May 2016 — The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in th... • https://www.exploit-db.com/exploits/39767 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8716 – Mandriva Linux Security Advisory 2014-226
https://notcve.org/view.php?id=CVE-2014-8716
25 Nov 2014 — The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). El decodificador JPEG de ImageMagick en versiones anteriores a 6.8.9-9 permite a los usuarios locales provocar una denegación de servicio (acceso a la memoria fuera de límites y caída). A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would ... • http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8562 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8562
04 Nov 2014 — DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). La decodificación de DCM en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites). A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, poten... • http://www.securityfocus.com/bid/70837 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8354 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8354
04 Nov 2014 — The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función HorizontalFilter en resize.c en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker c... • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8355 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8355
04 Nov 2014 — PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). El código parser PCX en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (fuera de los límites de lectura). A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash o... • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 5%CPEs: 5EXPL: 1CVE-2014-1947 – ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-1947
09 Apr 2014 — Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la región heap de la memoria en la función WritePSDImage en el archivo coders/psd.c en ImageMagick versiones 6.5.4 y anteriores, permite a atacantes remotos ... • https://www.exploit-db.com/exploits/31688 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-1958 – Debian Security Advisory 2898-1
https://notcve.org/view.php?id=CVE-2014-1958
06 Mar 2014 — Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la función DecodePSDPixels en el archivo coders/psd.c en ImageMagick versiones anteriores a 6.8.8-5, podría permitir a atacantes remotos ejecutar código arbitrario por medio de una imagen PSD diseñada, que involucra la cadena L%06ld... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 1CVE-2013-4298 – Debian Security Advisory 2750-1
https://notcve.org/view.php?id=CVE-2013-4298
04 Sep 2013 — The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. La función ReadGIFImage en coders/gif.c en ImageMagick anteriores a 6.7.8-8 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un comentario manipulado en una imagen GIF. It was discovered that ImageMagick incorrectly handled decoding GIF... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •