CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34151 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-34151
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-34151 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1906 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1906
12 Apr 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arb... • https://access.redhat.com/security/cve/CVE-2023-1906 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1289 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-1289
23 Mar 2023 — A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG... • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 16%CPEs: 1EXPL: 2CVE-2022-44267 – ImageMagick 7.1.0-49 - DoS
https://notcve.org/view.php?id=CVE-2022-44267
06 Feb 2023 — ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. USN-5855-1 fixed a vulnerability in ImageMagick. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that ImageMagick incorrectly handled certain PNG images. • https://www.exploit-db.com/exploits/51256 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 88%CPEs: 1EXPL: 30CVE-2022-44268 – ImageMagick 7.1.0-49 - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2022-44268
06 Feb 2023 — ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it). An update that fixes two vulnerabilities is now available. This update for ImageMagick fixes the following issues. Fixed a denial of service when parsing a PNG image. • https://packetstorm.news/files/id/171727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3213 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-3213
19 Sep 2022 — A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Se ha encontrado un problema de desbordamiento del búfer de la pila en ImageMagick. Cuando una aplicación procesa un archivo TIFF malformado, puede conllevar a un comportamiento indefinido o un bloqueo que cause una denegación de servicio An update that fixes one vulnerability is now available. This update for ImageMagick fixe... • https://access.redhat.com/security/cve/CVE-2022-3213 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-1115 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2022-1115
29 Aug 2022 — A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. Se ha encontrado un fallo de desbordamiento del búfer de la pila en la función PushShortPixel() de ImageMagick del archivo quantum-private.h. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de imagen TIFF especial... • https://access.redhat.com/security/cve/CVE-2022-1115 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3574 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-3574
26 Aug 2022 — A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. Se encontró una vulnerabilidad en ImageMagick versión 7.0.11-5, donde al ejecutar un archivo diseñado con el comando convert, ASAN detecta pérdidas de memoria. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker coul... • https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20224 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20224
25 Aug 2022 — An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. Se ha detectado un problema de desbordamiento de enteros en la función ExportIndexQuantum() de ImageMagick en el archivo MagickCore/quantum-export.c. Las llamadas a la funció... • https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2719 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-2719
09 Aug 2022 — In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. En ImageMagick, un archivo diseñado podría desencadenar un fallo de aserción cuando es realizada una llamada a la función WriteImages en el archivo MagickWand/operation.c, debido a una lista de imágenes NULL. Esto podría causar una denegación de serv... • https://bugzilla.redhat.com/show_bug.cgi?id=2116537 • CWE-617: Reachable Assertion •