Debian Imagemagick vulnerabilities

727 known vulnerabilities affecting debian/imagemagick.

Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310

Vulnerabilities

Page 14 of 37
CVE-2018-14435 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.8+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.8+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.8+dfsg-1); forky: resolved (fixed in 8:6.9.10.8+dfsg-1); sid: resolved (fixed in 8:6.9.10.8+dfsg-1); trixie: resolved (fixed in 8:6.9.10.8+dfsg-1)
debian
CVE-2018-16749 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.2+dfsg-2 (bookworm) | 2018
[MEDIUM] imagemagick - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.10.2+dfsg-2); forky: resolved (fixed in 8:6.9.10.2+dfsg

CVE-2018-8804 | LOW | CVSS 8.8 | fixed in imagemagick 8:6.9.9.39+dfsg-1 (bookworm) | 2018
[HIGH] imagemagick - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.39+dfsg-1); bullseye: resolved (fixed in 8:6.9.9.39+dfsg-1); forky: resolved (fixed in 8:

CVE-2018-9135 | LOW | CVSS 8.8 | fixed in imagemagick 8:6.9.10.8+dfsg-1 (bookworm) | 2018
[HIGH] imagemagick - In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.8+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.8+dfsg-1); forky: resolved (fixed in 8:6.9.10.8+dfsg-1); sid: resolved (fixed in 8:6.9.10.8+dfsg-1); trixie: resolved (fixed in 8:6.9.10.8+dfsg-1)

CVE-2018-11655 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2018
[MEDIUM] imagemagick - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3); bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3); forky: resolved (fixed in 8:6.9.9.34+d

CVE-2018-18025 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.14+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.14+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.14+dfsg-1); forky: resolved (fixed in 8:6.9.10.14+dfsg-1); sid: reso

CVE-2018-5358 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3); bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3); forky: resolved (fixed in 8:6.9.9.34+dfsg-3); sid: resolved (fixed in 8:6.9.9.34+dfsg-3

CVE-2018-18024 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.14+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.14+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.14+dfsg-1); forky: resolved (fixed in 8:6.9.10.14

CVE-2018-10805 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.2+dfsg-2 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.2+dfsg-2); bullseye: resolved (fixed in 8:6.9.10.2+dfsg-2); forky: resolved (fixed in 8:6.9.10.2+dfsg-2); sid: resolved (fixed in 8:6.9.10.2+dfsg-2); trixie: resolved (fixed in 8:6.9.10.2+dfsg-2)

CVE-2018-14434 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.8+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.8+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.8+dfsg-1); forky: resolved (fixed in 8:6.9.10.8+dfsg-1); sid: resolved (fixed in 8:6.9.10.8+dfsg-1); trixie: resolved (fixed in 8:6.9.10.8+dfsg-1)

CVE-2018-5357 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3); bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3); forky: resolved (fixed in 8:6.9.9.34+dfsg-3); sid: resolved (fixed in 8:6.9.9.34+dfsg-3); trixie: resolved (fixed in 8:6.9.9.34+dfsg-3)

CVE-2018-15607 | LOW | CVSS 6.5 | 2018
[MEDIUM] imagemagick - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of s

CVE-2018-14437 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.8+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.8+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.8+dfsg-1); forky: resolved (fixed in 8:6.9.10.8+dfsg-1); sid: resolved (fixed in 8:6.9.10.8+dfsg-1); trixie: resolved (fixed in 8:6.9.10.8+dfsg-1)

CVE-2018-18544 | LOW | CVSS 6.5 | fixed in graphicsmagick 1.3.31-1 (bookworm) | 2018
[MEDIUM] graphicsmagick - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
Scope: local
bookworm: resolved (fixed in 1.3.31-1); bullseye: resolved (fixed in 1.3.31-1); forky: resolved (fixed in 1.3.31-1); sid: resolved (fixed in 1.3.31-1); trixie: resolved

CVE-2018-7470 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.39+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.39+dfsg-1); bullseye: resolved (fixed in 8:6.9.9.39+dfsg-1); forky: resolved (fixed in 8:6.9.9.39+dfsg-1); sid: resolved (f

CVE-2018-16643 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.8+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.8+dfsg-1)

CVE-2018-17965 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.14+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.14+dfsg-1); bullseye: resolved (fixed in 8:6.9.10.14+dfsg-1); forky: resolved (fixed in 8:6.9.10.14+dfsg-1); sid: resolved (fixed in 8:6.9.10.14+dfsg-1); trixie: resolved (fixed in 8:6.9.10.14+dfsg-1)

CVE-2018-7443 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.39+dfsg-1 (bookworm) | 2018
[MEDIUM] imagemagick - The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
Scope: local
bookworm: resolved (fixed in 8:6.9.9.39+dfsg-1); bullseye: resolved (f

CVE-2018-9133 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.10.2+dfsg-2 (bookworm) | 2018
[MEDIUM] imagemagick - ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
Scope: local
bookworm: resolved (fixed in 8:6.9.10.2+dfsg-2); bullseye: resolve

CVE-2018-11656 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2018
[MEDIUM] imagemagick - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3); bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3); forky: resolved (fixed in 8:6.9.9.34+dfsg-3); sid: r