CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1114 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2022-1114
29 Apr 2022 — A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service. Se ha encontrado un fallo de uso de memoria previamente liberada de la pila en la función RelinquishDCMInfo() del archivo dcm.c de ImageMagick. Esta vulnerabilidad es desencadenada cuando un atacante pasa un archivo de ... • https://bugzilla.redhat.com/show_bug.cgi?id=2064538 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-4219 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-4219
23 Mar 2022 — A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. Se ha encontrado un fallo en ImageMagick. La vulnerabilidad es producida debido al uso inapropiado de funciones abiertas y conlleva a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2054611 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3610 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2021-3610
24 Feb 2022 — A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Se ha encontrado una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en ImageMagick en las versiones anteriores a 7.0.11-14 en la función ReadTIFFImage() en el archivo coders/tiff.c. Este problema es debido a un ajuste incorrecto del... • http://www.openwall.com/lists/oss-security/2023/05/29/4 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39212 – Issue when Configuring the ImageMagick Security Policy
https://notcve.org/view.php?id=CVE-2021-39212
13 Sep 2021 — ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex.
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20311
https://notcve.org/view.php?id=CVE-2021-20311
11 May 2021 — A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en versiones anteriores a 7.0.11, donde una división por cero en la función sRGBTransformImage() en el archivo MagickCore/colorspac... • https://bugzilla.redhat.com/show_bug.cgi?id=1946739 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20310
https://notcve.org/view.php?id=CVE-2021-20310
11 May 2021 — A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en versiones anteriores a 7.0.11, donde una división por cero en la función ConvertXYZToJzazbz() del archivo MagickCore/colorspace.c p... • https://bugzilla.redhat.com/show_bug.cgi?id=1946728 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20309 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20309
11 May 2021 — A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en versiones anteriores a 7.0.11 y versiones anteriores a 6.9.12, donde una división por cero en la función WaveImage() del archivo MagickCore/visual-effec... • https://bugzilla.redhat.com/show_bug.cgi?id=1946722 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20312 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20312
11 May 2021 — A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en versiones 7.0.11, donde un desbordamiento de enteros en la función WriteTHUMBNAILImage del archivo coders/humbnail.c puede desencadenar un c... • https://bugzilla.redhat.com/show_bug.cgi?id=1946742 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20313 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20313
11 May 2021 — A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en ImageMagick en versiones anteriores a 7.0.11. Una potencial pérdida de cifrado cuando es posible calcular firmas en la función TransformSignature. • https://bugzilla.redhat.com/show_bug.cgi?id=1947019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19667
https://notcve.org/view.php?id=CVE-2020-19667
20 Nov 2020 — Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Un desbordamiento de búfer en la región stack de la memoria y un salto incondicional en la función ReadXPMImage en el archivo coders/xpm.c en ImageMagick versión 7.0.10-7 • https://github.com/ImageMagick/ImageMagick/issues/1895 • CWE-787: Out-of-bounds Write •