CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-32545 – Ubuntu Security Notice USN-6200-1
https://notcve.org/view.php?id=CVE-2022-32545
16 Jun 2022 — A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Se ha encontrado una vulnerabilidad en ImageMagick, que causa un fallo fuera del rango de valores representables del tipo "unsigned char" en el archivo coders/psd.c, cuando se procesa una entrada diseñada o no confiable. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2091811 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32546 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2022-32546
16 Jun 2022 — A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. Se ha encontrado una vulnerabilidad en ImageMagick, que causa una salida del rango de valores representables del tipo "unsigned long" en el archivo coders/pcl.c, cuando es procesada una entrada diseñada o no confiable. Es... • https://bugzilla.redhat.com/show_bug.cgi?id=2091812 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1114 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-1114
29 Apr 2022 — A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. Se ha encontrado un fallo de uso de memoria previamente liberada de la pila en la función RelinquishDCMInfo() del archivo dcm.c de ImageMagick. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de ... • https://bugzilla.redhat.com/show_bug.cgi?id=2064538 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-4219 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-4219
23 Mar 2022 — A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. Se ha encontrado un fallo en ImageMagick. La vulnerabilidad es producida debido al uso inapropiado de funciones abiertas y conlleva a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2054611 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3596
https://notcve.org/view.php?id=CVE-2021-3596
24 Feb 2022 — A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Se ha encontrado un fallo de desreferencia de puntero NULL en ImageMagick en versiones anteriores a 7.0.10-31 en la función ReadSVGImage() en el archivo coders/svg.c. Este problema es debido a que no es comprobado el valo... • https://bugzilla.redhat.com/show_bug.cgi?id=1970569 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3610 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2021-3610
24 Feb 2022 — A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Se ha encontrado una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en ImageMagick en las versiones anteriores a 7.0.11-14 en la función ReadTIFFImage() en el archivo coders/tiff.c. Este problema es debido a un ajuste incorrecto del... • http://www.openwall.com/lists/oss-security/2023/05/29/4 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39212 – Issue when Configuring the ImageMagick Security Policy
https://notcve.org/view.php?id=CVE-2021-39212
13 Sep 2021 — ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex.
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27769
https://notcve.org/view.php?id=CVE-2020-27769
14 May 2021 — In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. En ImageMagick versiones anteriores a 7.0.9-0, están fuera del rango de valores representables de tipo "float" en el archivo MagickCore/quantize.c • https://bugzilla.redhat.com/show_bug.cgi?id=1894690 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20311
https://notcve.org/view.php?id=CVE-2021-20311
11 May 2021 — A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en versiones anteriores a 7.0.11, donde una división por cero en la función sRGBTransformImage() en el archivo MagickCore/colorspac... • https://bugzilla.redhat.com/show_bug.cgi?id=1946739 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20310
https://notcve.org/view.php?id=CVE-2021-20310
11 May 2021 — A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en versiones anteriores a 7.0.11, donde una división por cero en la función ConvertXYZToJzazbz() del archivo MagickCore/colorspace.c p... • https://bugzilla.redhat.com/show_bug.cgi?id=1946728 • CWE-369: Divide By Zero •