Debian Imagemagick vulnerabilities
727 known vulnerabilities affecting debian/imagemagick.
Total CVEs: 727
CISA KEV: 3 (actively exploited)
Public exploits: 12
Exploited in wild: 3
Severity breakdown: CRITICAL 24, HIGH 138, MEDIUM 255, LOW 310
Vulnerabilities
CVE-2017-18272 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
CVE-2017-18272 [MEDIUM] CVE-2017-18272: imagemagick - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in Read...
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: reso
debian
CVE-2017-9141 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-9 (bookworm) | 2017
CVE-2017-9141 [MEDIUM] CVE-2017-9141: imagemagick - In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in...
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-9)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-9)
forky: resolved (fixed in 8:6.9.7.4+dfsg-
CVE-2017-8352 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-7 (bookworm) | 2017
CVE-2017-8352 [MEDIUM] CVE-2017-8352: imagemagick - In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to c...
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-7)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-7)
forky: resolved (fixed in 8:6.9.7.4+dfsg-7)
sid: resolved (fixed in 8:6.9.7.4+dfsg-7)
trixie: resolved (fixed in 8:6.9
CVE-2017-11352 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-12 (bookworm) | 2017
CVE-2017-11352 [MEDIUM] CVE-2017-11352: imagemagick - In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because ...
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-12)
forky: resolved (fixed in 8:6.9.7.4+dfsg-12)
sid:
CVE-2017-7606 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-4 (bookworm) | 2017
CVE-2017-7606 [MEDIUM] CVE-2017-7606: imagemagick - coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable v...
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-4)
bullseye: resolved (fi
CVE-2017-11526 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-12 (bookworm) | 2017
CVE-2017-11526 [MEDIUM] CVE-2017-11526: imagemagick - The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7...
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-12)
forky: resolved (fixed in 8:6.9.7.4+dfsg-12)
sid:
CVE-2017-8347 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-7 (bookworm) | 2017
CVE-2017-8347 [MEDIUM] CVE-2017-8347: imagemagick - In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to c...
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-7)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-7)
forky: resolved (fixed in 8:6.9.7.4+dfsg-7)
sid: resolved (fixed in 8:6.9.7.4+dfsg-7)
trixie: resolved (fixed in 8:6.9
CVE-2017-8344 | MEDIUM | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-7 (bookworm) | 2017
CVE-2017-8344 [MEDIUM] CVE-2017-8344: imagemagick - In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to c...
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-7)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-7)
forky: resolved (fixed in 8:6.9.7.4+dfsg-7)
sid: resolved (fixed in 8:6.9.7.4+dfsg-7)
trixie: resolved (fixed in 8:6.9
CVE-2017-18271 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
CVE-2017-18271 [MEDIUM] CVE-2017-18271: imagemagick - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability wa...
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (
CVE-2017-11522 | LOW | CVSS 6.5 | 2017
CVE-2017-11522 [MEDIUM] CVE-2017-11522: imagemagick - The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and...
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2017-14172 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
CVE-2017-14172 [MEDIUM] CVE-2017-14172: imagemagick - In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of...
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check i
CVE-2017-12669 | LOW | CVSS 8.8 | fixed in imagemagick 8:6.9.7.4+dfsg-16 (bookworm) | 2017
CVE-2017-12669 [HIGH] CVE-2017-12669: imagemagick - ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/...
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16)
forky: resolved (fixed in 8:6.9.7.4+dfsg-16)
sid: resolved (fixed in 8:6.9.7.4+dfsg-16)
trixie: resolved (fixed in 8:6.9.7.4+dfsg-16)
CVE-2017-13146 | LOW | CVSS 8.8 | fixed in imagemagick 8:6.9.7.4+dfsg-14 (bookworm) | 2017
CVE-2017-13146 [HIGH] CVE-2017-13146: imagemagick - In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in ...
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-14)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-14)
forky: resolved (fixed in 8:6.9.7.4+dfsg-14)
sid: resolved (fixed in 8:6.9.7.4+dfsg-14)
trixie: resolved (fixed in 8:6.9.7.4+dfsg-14
CVE-2017-12663 | LOW | CVSS 8.8 | fixed in imagemagick 8:6.9.7.4+dfsg-16 (bookworm) | 2017
CVE-2017-12663 [HIGH] CVE-2017-12663: imagemagick - ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/m...
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16)
forky: resolved (fixed in 8:6.9.7.4+dfsg-16)
sid: resolved (fixed in 8:6.9.7.4+dfsg-16)
trixie: resolved (fixed in 8:6.9.7.4+dfsg-16)
CVE-2017-17680 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
CVE-2017-17680 [MEDIUM] CVE-2017-17680: imagemagick - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the functi...
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolved (fixed in 8:6.9.9.34+dfsg-3)
sid: resolved
CVE-2017-17887 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
CVE-2017-17887 [MEDIUM] CVE-2017-17887: imagemagick - In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the functi...
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
Scope: local
bookworm: resolved (fixed in 8:6.9.9.34+dfsg-3)
bullseye: resolved (fixed in 8:6.9.9.34+dfsg-3)
forky: resolv
CVE-2017-9439 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-12 (bookworm) | 2017
CVE-2017-9439 [MEDIUM] CVE-2017-9439: imagemagick - In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in ...
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-12)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-12)
forky: resolved (fixed in 8:6.9.7.4+dfsg-12)
sid: resolved (fixed in 8:6.9.7.4+dfsg-12)
t
CVE-2017-14174 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.9.34+dfsg-3 (bookworm) | 2017
CVE-2017-14174 [MEDIUM] CVE-2017-14174: imagemagick - In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due...
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no
CVE-2017-11752 | LOW | CVSS 6.5 | fixed in imagemagick 8:6.9.7.4+dfsg-16 (bookworm) | 2017
CVE-2017-11752 [MEDIUM] CVE-2017-11752: imagemagick - The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows re...
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Scope: local
bookworm: resolved (fixed in 8:6.9.7.4+dfsg-16)
bullseye: resolved (fixed in 8:6.9.7.4+dfsg-16)
forky: resolved (fixed in 8:6.9.7.4+dfsg-16)
sid: resolved (fixed in 8:6.9.7.4+dfsg-16)
trixie:
CVE-2017-13132 | LOW | CVSS 6.5 | 2017
CVE-2017-13132 [MEDIUM] CVE-2017-13132: imagemagick - In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on a...
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid