CVSS: 5.5EPSS: 90%CPEs: 84EXPL: 1CVE-2016-3718 – ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2016-3718
05 May 2016 — The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Los codificadores (1) HTTP y (2) FTP en ImageMagick en versiones anteriores a 6.9.3-10 y 7.x en versiones anteriores a 7.0.1-1 permiten a atacantes remotos llevar a cabo ataques de falsificación de peticiones del lado del servidor (SSRF) a través de una imagen manipulada. A server-side request forgery flaw was discovered in th... • https://www.exploit-db.com/exploits/39767 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8716 – Mandriva Linux Security Advisory 2014-226
https://notcve.org/view.php?id=CVE-2014-8716
25 Nov 2014 — The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash). El decodificador JPEG de ImageMagick en versiones anteriores a 6.8.9-9 permite a los usuarios locales provocar una denegación de servicio (acceso a la memoria fuera de límites y caída). A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would ... • http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8562 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8562
04 Nov 2014 — DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). La decodificación de DCM en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites). A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash or, poten... • http://www.securityfocus.com/bid/70837 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8354 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8354
04 Nov 2014 — The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función HorizontalFilter en resize.c en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker c... • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8355 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8355
04 Nov 2014 — PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read). El código parser PCX en ImageMagick en versiones anteriores a 6.8.9-9 permite a los atacantes remotos provocar una denegación de servicio (fuera de los límites de lectura). A buffer overflow flaw was found in the way ImageMagick handled PSD images that use RLE encoding. An attacker could create a malicious PSD image file that, when opened in ImageMagick, would cause ImageMagick to crash o... • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-8561 – ImageMagick Out-Of-Bounds Read / Heap Overflow
https://notcve.org/view.php?id=CVE-2014-8561
04 Nov 2014 — imagemagick 6.8.9.6 has remote DOS via infinite loop imagemagick versión 6.8.9.6, tiene una vulnerabilidad de DOS remota por medio de un bucle infinito. ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf. • http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 5%CPEs: 5EXPL: 1CVE-2014-1947 – ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-1947
09 Apr 2014 — Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la región heap de la memoria en la función WritePSDImage en el archivo coders/psd.c en ImageMagick versiones 6.5.4 y anteriores, permite a atacantes remotos ... • https://www.exploit-db.com/exploits/31688 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2014-1958 – Debian Security Advisory 2898-1
https://notcve.org/view.php?id=CVE-2014-1958
06 Mar 2014 — Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030. Un desbordamiento del búfer en la función DecodePSDPixels en el archivo coders/psd.c en ImageMagick versiones anteriores a 6.8.8-5, podría permitir a atacantes remotos ejecutar código arbitrario por medio de una imagen PSD diseñada, que involucra la cadena L%06ld... • http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 13%CPEs: 7EXPL: 1CVE-2014-2030 – ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2014-2030
06 Mar 2014 — Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. Un desbordamiento del búfer en la región stack de la memoria en la función WritePSDImage en el archivo coders/psd.c en ImageMagick, posiblemente versión 6.8.8-5, permite a atacantes remotos causar una denega... • https://www.exploit-db.com/exploits/31688 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 1CVE-2013-4298 – Debian Security Advisory 2750-1
https://notcve.org/view.php?id=CVE-2013-4298
04 Sep 2013 — The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image. La función ReadGIFImage en coders/gif.c en ImageMagick anteriores a 6.7.8-8 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un comentario manipulado en una imagen GIF. It was discovered that ImageMagick incorrectly handled decoding GIF... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721273 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •