CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41817 – Arbitrary Code Execution in `AppImage` version `ImageMagick`
https://notcve.org/view.php?id=CVE-2024-41817
29 Jul 2024 — ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36. • https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8rxc-922v-phg8 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5341 – Imagemagick: heap use-after-free in coders/bmp.c
https://notcve.org/view.php?id=CVE-2023-5341
19 Nov 2023 — A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Se encontró una falla de heap-use-after-free en coders/bmp.c en ImageMagick. handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • https://access.redhat.com/security/cve/CVE-2023-5341 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39978
https://notcve.org/view.php?id=CVE-2023-39978
08 Aug 2023 — ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. • https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3745 – Imagemagick: heap-buffer-overflow in pushcharpixel() in quantum-private.h
https://notcve.org/view.php?id=CVE-2023-3745
24 Jul 2023 — A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3745 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3428 – Imagemagick: heap-buffer-overflow in coders/tiff.c
https://notcve.org/view.php?id=CVE-2023-3428
04 Jul 2023 — A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. Se encontró una vulnerabilidad de desbordamiento del búfer en coders/tiff.c en ImageMagick. Este problema puede permitir que un atacante local engañe al usuario para que abra un archivo especialmente manipulado, lo que provocará un bloqueo de la aplicación y una denegación ... • https://access.redhat.com/security/cve/CVE-2023-3428 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34474
https://notcve.org/view.php?id=CVE-2023-34474
16 Jun 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34474 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-34475
https://notcve.org/view.php?id=CVE-2023-34475
16 Jun 2023 — A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34475 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-3195 – Ubuntu Security Notice USN-6200-2
https://notcve.org/view.php?id=CVE-2023-3195
16 Jun 2023 — A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20... • https://access.redhat.com/security/cve/CVE-2023-3195 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2157 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-2157
06 Jun 2023 — A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=2208537 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34153 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-34153
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://access.redhat.com/security/cve/CVE-2023-34153 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •