CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-3574 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-3574
26 Aug 2022 — A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. Se encontró una vulnerabilidad en ImageMagick versión 7.0.11-5, donde al ejecutar un archivo diseñado con el comando convert, ASAN detecta pérdidas de memoria. It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker coul... • https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20224 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20224
25 Aug 2022 — An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash. Se ha detectado un problema de desbordamiento de enteros en la función ExportIndexQuantum() de ImageMagick en el archivo MagickCore/quantum-export.c. Las llamadas a la funció... • https://github.com/ImageMagick/ImageMagick/commit/5af1dffa4b6ab984b5f13d1e91c95760d75f12a6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2719 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-2719
09 Aug 2022 — In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. En ImageMagick, un archivo diseñado podría desencadenar un fallo de aserción cuando es realizada una llamada a la función WriteImages en el archivo MagickWand/operation.c, debido a una lista de imágenes NULL. Esto podría causar una denegación de serv... • https://bugzilla.redhat.com/show_bug.cgi?id=2116537 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32547 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-32547
16 Jun 2022 — In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. En ImageMagick, se presenta una carga de dirección alineada inapropiadamente para el tipo "double", que requiere una alineación de 8 bytes, y para el tipo "f... • https://bugzilla.redhat.com/show_bug.cgi?id=2091813 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32545 – Ubuntu Security Notice USN-6200-1
https://notcve.org/view.php?id=CVE-2022-32545
16 Jun 2022 — A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Se ha encontrado una vulnerabilidad en ImageMagick, que causa un fallo fuera del rango de valores representables del tipo "unsigned char" en el archivo coders/psd.c, cuando se procesa una entrada diseñada o no confiable. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2091811 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32546 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-32546
16 Jun 2022 — A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Se ha encontrado una vulnerabilidad en ImageMagick, que causa una salida del rango de valores representables del tipo "unsigned long" en el archivo coders/pcl.c, cuando es procesada una entrada diseñada o no confiable. Es... • https://bugzilla.redhat.com/show_bug.cgi?id=2091812 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28463 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-28463
08 May 2022 — ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ImageMagick versión 7.1.0-27, es vulnerable a un desbordamiento del búfer It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. Zhang Xiaohui discovered that ImageMagi... • https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1114 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-1114
29 Apr 2022 — A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. Se ha encontrado un fallo de uso de memoria previamente liberada de la pila en la función RelinquishDCMInfo() del archivo dcm.c de ImageMagick. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de ... • https://bugzilla.redhat.com/show_bug.cgi?id=2064538 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-4219 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-4219
23 Mar 2022 — A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. Se ha encontrado un fallo en ImageMagick. La vulnerabilidad es producida debido al uso inapropiado de funciones abiertas y conlleva a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2054611 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3596
https://notcve.org/view.php?id=CVE-2021-3596
24 Feb 2022 — A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Se ha encontrado un fallo de desreferencia de puntero NULL en ImageMagick en versiones anteriores a 7.0.10-31 en la función ReadSVGImage() en el archivo coders/svg.c. Este problema es debido a que no es comprobado el valo... • https://bugzilla.redhat.com/show_bug.cgi?id=1970569 • CWE-476: NULL Pointer Dereference •