nessus: REDHAT_UNPATCHED-IMAGEMAGICK-RHEL6.NASL
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
May 11, 2024 - 12:00 a.m.

RHEL 6 : imagemagick (Unpatched Vulnerability)

EPSS: 0.242 (Low)
Percentile: 96.6%

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c (CVE-2019-19952)

  • Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. (CVE-2016-10046)

  • Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. (CVE-2016-10047)

  • Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. (CVE-2016-10048)

  • Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. (CVE-2016-10049)

  • Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. (CVE-2016-10050)

  • Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10051)

  • Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10052)

  • The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. (CVE-2016-10053)

  • Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10054)

  • Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10055)

  • Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10057)

  • Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. (CVE-2016-10058)

  • Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. (CVE-2016-10059)

  • The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10060)

  • The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file. (CVE-2016-10061)

  • The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10062)

  • Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. (CVE-2016-10063)

  • Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10064)

  • The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10065)

  • Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10066)

  • magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving too many exceptions, which trigger a buffer overflow. (CVE-2016-10067)

  • The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. (CVE-2016-10068)

  • coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. (CVE-2016-10069)

  • Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. (CVE-2016-10070)

  • coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. (CVE-2016-10071)

  • coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. (CVE-2016-10144)

  • Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. (CVE-2016-10145)

  • Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. (CVE-2016-10146)

  • Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption. (CVE-2016-10252)

  • Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. (CVE-2016-6491)

  • Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. (CVE-2016-6823)

  • The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. (CVE-2016-7101)

  • The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels. (CVE-2016-7515)

  • The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file. (CVE-2016-7516)

  • The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file. (CVE-2016-7517)

  • The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file. (CVE-2016-7518)

  • The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. (CVE-2016-7519)

  • Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file. (CVE-2016-7520)

  • Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7521, CVE-2016-7525)

  • The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7522)

  • coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. (CVE-2016-7523)

  • coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. (CVE-2016-7526)

  • The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file. (CVE-2016-7528)

  • coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file. (CVE-2016-7529)

  • The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. (CVE-2016-7530)

  • MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. (CVE-2016-7531)

  • coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7532)

  • The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file. (CVE-2016-7533)

  • The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file. (CVE-2016-7534)

  • coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file. (CVE-2016-7535)

  • MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file. (CVE-2016-7537)

  • Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. (CVE-2016-7539)

  • MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. (CVE-2016-7799)

  • magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. (CVE-2016-7906)

  • The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. (CVE-2016-8677)

  • An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick’s convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. (CVE-2016-8707)

  • The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. (CVE-2016-8862)

  • The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. (CVE-2016-8866)

  • ImageMagick 7.0.7-1 and older versions are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service. (CVE-2017-1000445)

  • In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)

  • In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (CVE-2017-10928)

  • The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. (CVE-2017-10995)

  • The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call. (CVE-2017-11141)

  • The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. (CVE-2017-11166)

  • The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. (CVE-2017-11170)

  • The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. (CVE-2017-11188)

  • The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. (CVE-2017-11310)

  • In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. (CVE-2017-11352)

  • The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. (CVE-2017-11360)

  • The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. (CVE-2017-11446)

  • The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. (CVE-2017-11447)

  • The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (CVE-2017-11448)

  • coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. (CVE-2017-11449)

  • coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. (CVE-2017-11450)

  • The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. (CVE-2017-11478)

  • The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. (CVE-2017-11505)

  • The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. (CVE-2017-11523)

  • The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. (CVE-2017-11524)

  • The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11525)

  • The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. (CVE-2017-11526)

  • The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11527)

  • The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11528)

  • The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11529)

  • The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11530)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. (CVE-2017-11531)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. (CVE-2017-11532)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. (CVE-2017-11533)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. (CVE-2017-11534)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. (CVE-2017-11535)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. (CVE-2017-11536)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. (CVE-2017-11537)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. (CVE-2017-11538)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. (CVE-2017-11539)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. (CVE-2017-11540)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. (CVE-2017-11639)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. (CVE-2017-11640)

  • When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. (CVE-2017-11644)

  • The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. (CVE-2017-11724)

  • The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. (CVE-2017-11750)

  • The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11751)

  • The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11752)

  • The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file. (CVE-2017-11753)

  • The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. (CVE-2017-11754)

  • The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call. (CVE-2017-11755)

  • The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. (CVE-2017-12140)

  • ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. (CVE-2017-12418)

  • In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c. (CVE-2017-12428)

  • In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service. (CVE-2017-12429)

  • In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. (CVE-2017-12432)

  • In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. (CVE-2017-12433)

  • In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c. (CVE-2017-12434)

  • In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service. (CVE-2017-12435)

  • ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c. (CVE-2017-12587)

  • ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. (CVE-2017-12640)

  • ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. (CVE-2017-12641)

  • ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. (CVE-2017-12642)

  • ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. (CVE-2017-12643)

  • ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. (CVE-2017-12644)

  • The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-12654)

  • ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. (CVE-2017-12662)

  • ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. (CVE-2017-12663)

  • ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. (CVE-2017-12664)

  • ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. (CVE-2017-12665)

  • ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. (CVE-2017-12666)

  • The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-12691)

  • The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. (CVE-2017-12692)

  • The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. (CVE-2017-12693)

  • In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. (CVE-2017-12805)

  • In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. (CVE-2017-12806)

  • The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. (CVE-2017-12875)

  • Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-12876)

  • Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-12877)

  • Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. (CVE-2017-12983)

  • In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13058)

  • In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. (CVE-2017-13059)

  • In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13060)

  • In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. (CVE-2017-13061)

  • In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. (CVE-2017-13062)

  • In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. (CVE-2017-13131)

  • In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the dump uncompressed PseudoColor packets step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. (CVE-2017-13132)

  • In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. (CVE-2017-13133)

  • In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13134)

  • In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. (CVE-2017-13139)

  • In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. (CVE-2017-13140)

  • In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. (CVE-2017-13141)

  • In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. (CVE-2017-13142)

  • In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. (CVE-2017-13143)

  • In ImageMagick before 6.9.7-10, there is a crash (rather than a width or height exceeds limit error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. (CVE-2017-13144)

  • In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. (CVE-2017-13145)

  • In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. (CVE-2017-13146)

  • In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. (CVE-2017-13658)

  • In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. (CVE-2017-13758)

  • Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. (CVE-2017-13768)

  • The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. (CVE-2017-13769)

  • In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. (CVE-2017-14060)

  • ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. (CVE-2017-14137)

  • In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large extent field in the header but does not contain sufficient backing data, is provided, the loop over length would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14172)

  • In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation GetQuantumRange(depth)+1 when depth is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large max_value value. (CVE-2017-14173)

  • In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large length field in the header but does not contain sufficient backing data, is provided, the loop over length would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14174)

  • In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14175)

  • A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. (CVE-2017-14224)

  • A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-14248)

  • ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. (CVE-2017-14249)

  • In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14324)

  • In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. (CVE-2017-14325)

  • In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14326)

  • ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. (CVE-2017-14341)

  • ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. (CVE-2017-14342)

  • ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. (CVE-2017-14343)

  • In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. (CVE-2017-14400)

  • The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. (CVE-2017-14528)

  • ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. (CVE-2017-14531)

  • ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. (CVE-2017-14532)

  • ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. (CVE-2017-14533)

  • In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. (CVE-2017-14607)

  • ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. (CVE-2017-14624)

  • GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. (CVE-2017-14682)

  • The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. (CVE-2017-14739)

  • The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. (CVE-2017-14741)

  • A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. (CVE-2017-14989)

  • ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. (CVE-2017-15015)

  • ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. (CVE-2017-15016)

  • ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. (CVE-2017-15017)

  • ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2017-15032)

  • ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. (CVE-2017-15033)

  • ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. (CVE-2017-15217)

  • ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. (CVE-2017-15218)

  • ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. (CVE-2017-15277)

  • ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to Conditional jump or move depends on uninitialised value(s). (CVE-2017-15281)

  • The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. (CVE-2017-16546)

  • ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. (CVE-2017-17499)

  • ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. (CVE-2017-17504)

  • In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. (CVE-2017-17680)

  • In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. (CVE-2017-17681)

  • In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. (CVE-2017-17682)

  • In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. (CVE-2017-17879)

  • In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. (CVE-2017-17880)

  • In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. (CVE-2017-17881)

  • In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. (CVE-2017-17882)

  • In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. (CVE-2017-17884)

  • In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. (CVE-2017-17885)

  • In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. (CVE-2017-17886)

  • In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. (CVE-2017-17887)

  • In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. (CVE-2017-17914)

  • ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. (CVE-2017-17934)

  • In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. (CVE-2017-18008)

  • In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. (CVE-2017-18022)

  • In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-18027)

  • In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-18028)

  • In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2017-18029)

  • Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. (CVE-2017-5506)

  • Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. (CVE-2017-5507)

  • Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. (CVE-2017-5508)

  • coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. (CVE-2017-5509, CVE-2017-5510)

  • coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. (CVE-2017-5511)

  • The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file. (CVE-2017-6335)

  • An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). (CVE-2017-6497)

  • An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. (CVE-2017-6498)

  • An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). (CVE-2017-6499)

  • An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. (CVE-2017-6500)

  • An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. (CVE-2017-6501)

  • An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). (CVE-2017-6502)

  • The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. (CVE-2017-7275)

  • coders/rle.c in ImageMagick 7.0.5-4 has an outside the range of representable values of type unsigned char undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7606)

  • In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. (CVE-2017-7619)

  • The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7941)

  • The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7942)

  • The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. (CVE-2017-7943)

  • In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8343)

  • In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8344)

  • In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8345)

  • In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8346)

  • In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8347)

  • In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8348)

  • In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8349)

  • In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8350)

  • In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8351)

  • In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8352)

  • In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8353)

  • In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8354)

  • In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8355)

  • In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8356)

  • In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8357)

  • The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. (CVE-2017-8765)

  • In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-8830)

  • ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. (CVE-2017-9098)

  • In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. (CVE-2017-9141)

  • In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. (CVE-2017-9142)

  • In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. (CVE-2017-9143)

  • In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. (CVE-2017-9144)

  • In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9261)

  • In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9262)

  • In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9405)

  • In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9407)

  • In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-9409)

  • In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9439)

  • In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9440)

  • In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9499)

  • In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9500)

  • In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9501)

  • In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file. (CVE-2018-10177)

  • ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

  • ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

  • In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. (CVE-2018-11656)

  • In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12599)

  • In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. (CVE-2018-12600)

  • In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. (CVE-2018-13153)

  • ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

  • ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)

  • ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

  • ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)

  • In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

  • ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. (CVE-2018-16323)

  • In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. (CVE-2018-16328)

  • In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. (CVE-2018-16329)

  • ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. (CVE-2018-16640)

  • The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. (CVE-2018-16642)

  • The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. (CVE-2018-16643)

  • There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. (CVE-2018-16644)

  • There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. (CVE-2018-16645)

  • In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. (CVE-2018-16749)

  • In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. (CVE-2018-16750)

  • ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. (CVE-2018-17966)

  • ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. (CVE-2018-17967)

  • ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. (CVE-2018-18016)

  • In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. (CVE-2018-18024)

  • There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)

  • In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-20467)

  • In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. (CVE-2018-5246)

  • In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. (CVE-2018-5247)

  • ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. (CVE-2018-5357)

  • In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. (CVE-2018-6405)

  • The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. (CVE-2018-6876)

  • A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file. (CVE-2018-6930)

  • The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). (CVE-2018-7443)

  • An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. (CVE-2018-7470)

  • WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file. (CVE-2018-8804)

  • An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. (CVE-2019-10131)

  • In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. (CVE-2019-10650)

  • LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. (CVE-2019-10714)

  • The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. (CVE-2019-11470)

  • ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. (CVE-2019-11472)

  • In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. (CVE-2019-11597)

  • In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

  • A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. (CVE-2019-12974)

  • ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. (CVE-2019-12975)

  • ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)

  • ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the WriteJP2Image function in coders/jp2.c. (CVE-2019-12977)

  • ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in coders/pango.c. (CVE-2019-12978)

  • ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

  • ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. (CVE-2019-13133)

  • ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. (CVE-2019-13134)

  • ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage in coders/cut.c. (CVE-2019-13135)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)

  • ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. (CVE-2019-13296)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error. (CVE-2019-13298)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel. (CVE-2019-13299)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. (CVE-2019-13300)

  • ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error. (CVE-2019-13301)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage. (CVE-2019-13303)

  • ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment. (CVE-2019-13304)

  • ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error. (CVE-2019-13305)

  • ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. (CVE-2019-13306)

  • ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. (CVE-2019-13307)

  • ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)

  • ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. (CVE-2019-13310)

  • ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. (CVE-2019-13311)

  • ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. (CVE-2019-13454)

  • In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. (CVE-2019-14980)

  • In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. (CVE-2019-14981)

  • The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472. (CVE-2019-15139)

  • coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)

  • WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. (CVE-2019-15141)

  • ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

  • ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

  • ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. (CVE-2019-16710)

  • ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

  • ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image. (CVE-2019-16712)

  • ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. (CVE-2019-16713)

  • ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. (CVE-2019-17540)

  • ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

  • ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. (CVE-2019-18853)

  • In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. (CVE-2019-19948)

  • In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)

  • In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

  • In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. (CVE-2019-7397)

  • In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

  • In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. (CVE-2019-9956)

  • ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. (CVE-2020-13902)

  • Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. (CVE-2020-19667)

  • A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25663)

  • In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. (CVE-2020-25664)

  • The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause an out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-25665)

  • There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssize_t type for these calculations, instead of int. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25666)

  • TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25667)

  • WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-25674)

  • In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25675)

  • In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-25676)

  • ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. (CVE-2020-27560)

  • A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27750)

  • A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27751)

  • A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27752)

  • There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in AcquireMagickMemory() because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to AcquireMagickMemory(). This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27753)

  • In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. (CVE-2020-27754)

  • In SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27755)

  • In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function PerceptibleReciprocal() in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27756)

  • A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27757)

  • A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27758)

  • In IntensityCompare() of /MagickCore/quantize.c, a double value was being cast to int and returned, which in some cases caused a value outside the range of type int to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27759)

  • In GammaImage() of /MagickCore/enhance.c, depending on the gamma value, it’s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the PerceptibleReciprocal() to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. (CVE-2020-27760)

  • WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation, which could lead to undefined behavior in the form of values outside the range representable by type unsigned long when a crafted input file was processed by ImageMagick. The patch casts to ssize_t instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. (CVE-2020-27761)

  • A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. (CVE-2020-27762)

  • A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27763)

  • In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. (CVE-2020-27764)

  • A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27765)

  • A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. (CVE-2020-27766)

  • A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types float and unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27767)

  • In ImageMagick, there is a value outside the range of representable values of type ‘unsigned int’ at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27768)

  • In ImageMagick versions before 7.0.9-0, there are values outside the range of representable values of type ‘float’ at MagickCore/quantize.c. (CVE-2020-27769)

  • Due to a missing check for 0 value of replace_extent, it is possible for offset p to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27770)

  • In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27771)

  • A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned int. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27772)

  • A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27773)

  • A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type ssize_t. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27774)

  • A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27775)

  • A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27776)

  • A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. (CVE-2020-27829)

  • ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. (CVE-2020-29599)

  • A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)

  • Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none (CVE-2021-20189)

  • A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20241)

  • A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  • A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  • A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20245)

  • A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  • A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20310)

  • A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20311)

  • A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. (CVE-2021-20312)

  • A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2’s xmlCreatePushParserCtxt() and using the value directly, which leads to a crash and segmentation fault. (CVE-2021-3596)

  • ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a module policy in policy.xml. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the module policy and instead use the coder policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. (CVE-2021-39212)

  • A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  • In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  • A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type ‘unsigned long’ at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  • In ImageMagick, there is a load of a misaligned address for type ‘double’, which requires 8 byte alignment, and for type ‘float’, which requires 4 byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. (CVE-2022-32547)

  • ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. (CVE-2022-44267)

  • ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it). (CVE-2022-44268)

  • A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the identify -help command. (CVE-2022-48541)

  • A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. (CVE-2023-1289)

  • A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. (CVE-2023-2157)

  • A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  • A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. (CVE-2023-34153)

  • A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. (CVE-2023-3428)

  • A heap-based buffer overflow issue was found in ImageMagick’s PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. (CVE-2023-3745)

  • ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. (CVE-2023-39978)

  • A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory imagemagick. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(195417);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-6491",
    "CVE-2016-6823",
    "CVE-2016-7101",
    "CVE-2016-7515",
    "CVE-2016-7516",
    "CVE-2016-7517",
    "CVE-2016-7518",
    "CVE-2016-7519",
    "CVE-2016-7520",
    "CVE-2016-7521",
    "CVE-2016-7522",
    "CVE-2016-7523",
    "CVE-2016-7525",
    "CVE-2016-7526",
    "CVE-2016-7528",
    "CVE-2016-7529",
    "CVE-2016-7530",
    "CVE-2016-7531",
    "CVE-2016-7532",
    "CVE-2016-7533",
    "CVE-2016-7534",
    "CVE-2016-7535",
    "CVE-2016-7537",
    "CVE-2016-7539",
    "CVE-2016-7799",
    "CVE-2016-7906",
    "CVE-2016-8677",
    "CVE-2016-8707",
    "CVE-2016-8862",
    "CVE-2016-8866",
    "CVE-2016-10046",
    "CVE-2016-10047",
    "CVE-2016-10048",
    "CVE-2016-10049",
    "CVE-2016-10050",
    "CVE-2016-10051",
    "CVE-2016-10052",
    "CVE-2016-10053",
    "CVE-2016-10054",
    "CVE-2016-10055",
    "CVE-2016-10057",
    "CVE-2016-10058",
    "CVE-2016-10059",
    "CVE-2016-10060",
    "CVE-2016-10061",
    "CVE-2016-10062",
    "CVE-2016-10063",
    "CVE-2016-10064",
    "CVE-2016-10065",
    "CVE-2016-10066",
    "CVE-2016-10067",
    "CVE-2016-10068",
    "CVE-2016-10069",
    "CVE-2016-10070",
    "CVE-2016-10071",
    "CVE-2016-10144",
    "CVE-2016-10145",
    "CVE-2016-10146",
    "CVE-2016-10252",
    "CVE-2017-5506",
    "CVE-2017-5507",
    "CVE-2017-5508",
    "CVE-2017-5509",
    "CVE-2017-5510",
    "CVE-2017-5511",
    "CVE-2017-6335",
    "CVE-2017-6497",
    "CVE-2017-6498",
    "CVE-2017-6499",
    "CVE-2017-6500",
    "CVE-2017-6501",
    "CVE-2017-6502",
    "CVE-2017-7275",
    "CVE-2017-7606",
    "CVE-2017-7619",
    "CVE-2017-7941",
    "CVE-2017-7942",
    "CVE-2017-7943",
    "CVE-2017-8343",
    "CVE-2017-8344",
    "CVE-2017-8345",
    "CVE-2017-8346",
    "CVE-2017-8347",
    "CVE-2017-8348",
    "CVE-2017-8349",
    "CVE-2017-8350",
    "CVE-2017-8351",
    "CVE-2017-8352",
    "CVE-2017-8353",
    "CVE-2017-8354",
    "CVE-2017-8355",
    "CVE-2017-8356",
    "CVE-2017-8357",
    "CVE-2017-8765",
    "CVE-2017-8830",
    "CVE-2017-9098",
    "CVE-2017-9141",
    "CVE-2017-9142",
    "CVE-2017-9143",
    "CVE-2017-9144",
    "CVE-2017-9261",
    "CVE-2017-9262",
    "CVE-2017-9405",
    "CVE-2017-9407",
    "CVE-2017-9409",
    "CVE-2017-9439",
    "CVE-2017-9440",
    "CVE-2017-9499",
    "CVE-2017-9500",
    "CVE-2017-9501",
    "CVE-2017-10928",
    "CVE-2017-10995",
    "CVE-2017-11141",
    "CVE-2017-11166",
    "CVE-2017-11170",
    "CVE-2017-11188",
    "CVE-2017-11310",
    "CVE-2017-11352",
    "CVE-2017-11360",
    "CVE-2017-11446",
    "CVE-2017-11447",
    "CVE-2017-11448",
    "CVE-2017-11449",
    "CVE-2017-11450",
    "CVE-2017-11478",
    "CVE-2017-11505",
    "CVE-2017-11523",
    "CVE-2017-11524",
    "CVE-2017-11525",
    "CVE-2017-11526",
    "CVE-2017-11527",
    "CVE-2017-11528",
    "CVE-2017-11529",
    "CVE-2017-11530",
    "CVE-2017-11531",
    "CVE-2017-11532",
    "CVE-2017-11533",
    "CVE-2017-11534",
    "CVE-2017-11535",
    "CVE-2017-11536",
    "CVE-2017-11537",
    "CVE-2017-11538",
    "CVE-2017-11539",
    "CVE-2017-11540",
    "CVE-2017-11639",
    "CVE-2017-11640",
    "CVE-2017-11644",
    "CVE-2017-11724",
    "CVE-2017-11750",
    "CVE-2017-11751",
    "CVE-2017-11752",
    "CVE-2017-11753",
    "CVE-2017-11754",
    "CVE-2017-11755",
    "CVE-2017-12140",
    "CVE-2017-12418",
    "CVE-2017-12428",
    "CVE-2017-12429",
    "CVE-2017-12432",
    "CVE-2017-12433",
    "CVE-2017-12434",
    "CVE-2017-12435",
    "CVE-2017-12587",
    "CVE-2017-12640",
    "CVE-2017-12641",
    "CVE-2017-12642",
    "CVE-2017-12643",
    "CVE-2017-12644",
    "CVE-2017-12654",
    "CVE-2017-12662",
    "CVE-2017-12663",
    "CVE-2017-12664",
    "CVE-2017-12665",
    "CVE-2017-12666",
    "CVE-2017-12691",
    "CVE-2017-12692",
    "CVE-2017-12693",
    "CVE-2017-12805",
    "CVE-2017-12806",
    "CVE-2017-12875",
    "CVE-2017-12876",
    "CVE-2017-12877",
    "CVE-2017-12983",
    "CVE-2017-13058",
    "CVE-2017-13059",
    "CVE-2017-13060",
    "CVE-2017-13061",
    "CVE-2017-13062",
    "CVE-2017-13131",
    "CVE-2017-13132",
    "CVE-2017-13133",
    "CVE-2017-13134",
    "CVE-2017-13139",
    "CVE-2017-13140",
    "CVE-2017-13141",
    "CVE-2017-13142",
    "CVE-2017-13143",
    "CVE-2017-13144",
    "CVE-2017-13145",
    "CVE-2017-13146",
    "CVE-2017-13658",
    "CVE-2017-13758",
    "CVE-2017-13768",
    "CVE-2017-13769",
    "CVE-2017-14060",
    "CVE-2017-14137",
    "CVE-2017-14172",
    "CVE-2017-14173",
    "CVE-2017-14174",
    "CVE-2017-14175",
    "CVE-2017-14224",
    "CVE-2017-14248",
    "CVE-2017-14249",
    "CVE-2017-14324",
    "CVE-2017-14325",
    "CVE-2017-14326",
    "CVE-2017-14341",
    "CVE-2017-14342",
    "CVE-2017-14343",
    "CVE-2017-14400",
    "CVE-2017-14528",
    "CVE-2017-14531",
    "CVE-2017-14532",
    "CVE-2017-14533",
    "CVE-2017-14607",
    "CVE-2017-14624",
    "CVE-2017-14682",
    "CVE-2017-14739",
    "CVE-2017-14741",
    "CVE-2017-14989",
    "CVE-2017-15015",
    "CVE-2017-15016",
    "CVE-2017-15017",
    "CVE-2017-15032",
    "CVE-2017-15033",
    "CVE-2017-15217",
    "CVE-2017-15218",
    "CVE-2017-15277",
    "CVE-2017-15281",
    "CVE-2017-16546",
    "CVE-2017-17499",
    "CVE-2017-17504",
    "CVE-2017-17680",
    "CVE-2017-17681",
    "CVE-2017-17682",
    "CVE-2017-17879",
    "CVE-2017-17880",
    "CVE-2017-17881",
    "CVE-2017-17882",
    "CVE-2017-17884",
    "CVE-2017-17885",
    "CVE-2017-17886",
    "CVE-2017-17887",
    "CVE-2017-17914",
    "CVE-2017-17934",
    "CVE-2017-18008",
    "CVE-2017-18022",
    "CVE-2017-18027",
    "CVE-2017-18028",
    "CVE-2017-18029",
    "CVE-2017-1000445",
    "CVE-2017-1000476",
    "CVE-2018-5246",
    "CVE-2018-5247",
    "CVE-2018-5357",
    "CVE-2018-6405",
    "CVE-2018-6876",
    "CVE-2018-6930",
    "CVE-2018-7443",
    "CVE-2018-7470",
    "CVE-2018-8804",
    "CVE-2018-10177",
    "CVE-2018-10804",
    "CVE-2018-10805",
    "CVE-2018-11656",
    "CVE-2018-12599",
    "CVE-2018-12600",
    "CVE-2018-13153",
    "CVE-2018-14434",
    "CVE-2018-14435",
    "CVE-2018-14436",
    "CVE-2018-14437",
    "CVE-2018-15607",
    "CVE-2018-16323",
    "CVE-2018-16328",
    "CVE-2018-16329",
    "CVE-2018-16640",
    "CVE-2018-16642",
    "CVE-2018-16643",
    "CVE-2018-16644",
    "CVE-2018-16645",
    "CVE-2018-16749",
    "CVE-2018-16750",
    "CVE-2018-17966",
    "CVE-2018-17967",
    "CVE-2018-18016",
    "CVE-2018-18024",
    "CVE-2018-18544",
    "CVE-2018-20467",
    "CVE-2019-7175",
    "CVE-2019-7397",
    "CVE-2019-7398",
    "CVE-2019-9956",
    "CVE-2019-10131",
    "CVE-2019-10650",
    "CVE-2019-10714",
    "CVE-2019-11470",
    "CVE-2019-11472",
    "CVE-2019-11597",
    "CVE-2019-11598",
    "CVE-2019-12974",
    "CVE-2019-12975",
    "CVE-2019-12976",
    "CVE-2019-12977",
    "CVE-2019-12978",
    "CVE-2019-12979",
    "CVE-2019-13133",
    "CVE-2019-13134",
    "CVE-2019-13135",
    "CVE-2019-13295",
    "CVE-2019-13296",
    "CVE-2019-13297",
    "CVE-2019-13298",
    "CVE-2019-13299",
    "CVE-2019-13300",
    "CVE-2019-13301",
    "CVE-2019-13303",
    "CVE-2019-13304",
    "CVE-2019-13305",
    "CVE-2019-13306",
    "CVE-2019-13307",
    "CVE-2019-13309",
    "CVE-2019-13310",
    "CVE-2019-13311",
    "CVE-2019-13454",
    "CVE-2019-14980",
    "CVE-2019-14981",
    "CVE-2019-15139",
    "CVE-2019-15140",
    "CVE-2019-15141",
    "CVE-2019-16708",
    "CVE-2019-16709",
    "CVE-2019-16710",
    "CVE-2019-16711",
    "CVE-2019-16712",
    "CVE-2019-16713",
    "CVE-2019-17540",
    "CVE-2019-17541",
    "CVE-2019-18853",
    "CVE-2019-19948",
    "CVE-2019-19949",
    "CVE-2019-19952",
    "CVE-2020-13902",
    "CVE-2020-19667",
    "CVE-2020-25663",
    "CVE-2020-25664",
    "CVE-2020-25665",
    "CVE-2020-25666",
    "CVE-2020-25667",
    "CVE-2020-25674",
    "CVE-2020-25675",
    "CVE-2020-25676",
    "CVE-2020-27560",
    "CVE-2020-27750",
    "CVE-2020-27751",
    "CVE-2020-27752",
    "CVE-2020-27753",
    "CVE-2020-27754",
    "CVE-2020-27755",
    "CVE-2020-27756",
    "CVE-2020-27757",
    "CVE-2020-27758",
    "CVE-2020-27759",
    "CVE-2020-27760",
    "CVE-2020-27761",
    "CVE-2020-27762",
    "CVE-2020-27763",
    "CVE-2020-27764",
    "CVE-2020-27765",
    "CVE-2020-27766",
    "CVE-2020-27767",
    "CVE-2020-27768",
    "CVE-2020-27769",
    "CVE-2020-27770",
    "CVE-2020-27771",
    "CVE-2020-27772",
    "CVE-2020-27773",
    "CVE-2020-27774",
    "CVE-2020-27775",
    "CVE-2020-27776",
    "CVE-2020-27829",
    "CVE-2020-29599",
    "CVE-2021-3596",
    "CVE-2021-4219",
    "CVE-2021-20176",
    "CVE-2021-20189",
    "CVE-2021-20241",
    "CVE-2021-20243",
    "CVE-2021-20244",
    "CVE-2021-20245",
    "CVE-2021-20246",
    "CVE-2021-20310",
    "CVE-2021-20311",
    "CVE-2021-20312",
    "CVE-2021-39212",
    "CVE-2022-2719",
    "CVE-2022-32546",
    "CVE-2022-32547",
    "CVE-2022-44267",
    "CVE-2022-44268",
    "CVE-2022-48541",
    "CVE-2023-1289",
    "CVE-2023-2157",
    "CVE-2023-3428",
    "CVE-2023-3745",
    "CVE-2023-5341",
    "CVE-2023-34151",
    "CVE-2023-34153",
    "CVE-2023-39978"
  );

  script_name(english:"RHEL 6 : imagemagick (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - ImageMagick: use-after-free in MngInfoDiscardObject in coders/png.c (CVE-2019-19952)

  - Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows
    remote attackers to cause a denial of service (application crash) via a crafted image file.
    (CVE-2016-10046)

  - Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote
    attackers to cause a denial of service (memory consumption) via a crafted XML file. (CVE-2016-10047)

  - Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to
    load arbitrary modules via unspecified vectors. (CVE-2016-10048)

  - Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote
    attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
    RLE file. (CVE-2016-10049)

  - Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows
    remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
    crafted RLE file. (CVE-2016-10050)

  - Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows
    remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
    crafted file. (CVE-2016-10051)

  - Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote
    attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
    file. (CVE-2016-10052)

  - The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to
    cause a denial of service (divide-by-zero error and application crash) via a crafted file.
    (CVE-2016-10053)

  - Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote
    attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
    file. (CVE-2016-10054)

  - Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote
    attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted
    file. (CVE-2016-10055)

  - Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows
    remote attackers to cause a denial of service (application crash) or have other unspecified impact via a
    crafted file. (CVE-2016-10057)

  - Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote
    attackers to cause a denial of service (memory consumption) via a crafted image file. (CVE-2016-10058)

  - Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial
    of service (application crash) or have unspecified other impact via a crafted TIFF file. (CVE-2016-10059)

  - The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check
    the return value of the fputc function, which allows remote attackers to cause a denial of service
    (application crash) via a crafted file. (CVE-2016-10060)

  - The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return
    value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a
    crafted image file. (CVE-2016-10061)

  - The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite
    function, which allows remote attackers to cause a denial of service (application crash) via a crafted
    file. (CVE-2016-10062)

  - Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial
    of service (application crash) or have other unspecified impact via a crafted file, related to extend
    validity. (CVE-2016-10063)

  - Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial
    of service (application crash) or have other unspecified impact via a crafted file. (CVE-2016-10064)

  - The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause
    a denial of service (application crash) or have other unspecified impact via a crafted file.
    (CVE-2016-10065)

  - Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote
    attackers to cause a denial of service (application crash) via a crafted file. (CVE-2016-10066)

  - magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service
    (application crash) via vectors involving too many exceptions, which trigger a buffer overflow.
    (CVE-2016-10067)

  - The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service
    (segmentation fault and application crash) via a crafted XML file. (CVE-2016-10068)

  - coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service
    (application crash) via a mat file with an invalid number of frames. (CVE-2016-10069)

  - Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows
    remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat
    file. (CVE-2016-10070)

  - coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-
    bounds read and application crash) via a crafted mat file. (CVE-2016-10071)

  - coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing
    malloc check. (CVE-2016-10144)

  - Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via
    vectors related to a string copy. (CVE-2016-10145)

  - Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to
    cause a denial of service (memory consumption) via unspecified vectors. (CVE-2016-10146)

  - Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used
    in ODR-PadEnc and other products, allows attackers to trigger memory consumption. (CVE-2016-10252)

  - Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and
    7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak,
    and crash) via a crafted image. (CVE-2016-6491)

  - Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial
    of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
    (CVE-2016-6823)

  - The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-
    bounds read) via a large row value in an sgi file. (CVE-2016-7101)

  - The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via vectors related to the number of pixels. (CVE-2016-7515)

  - The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted VIFF file. (CVE-2016-7516)

  - The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted PICT file. (CVE-2016-7517)

  - The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted SUN file. (CVE-2016-7518)

  - The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted file. (CVE-2016-7519)

  - Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted HDR file. (CVE-2016-7520)

  - Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7521, CVE-2016-7525)

  - The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial
    of service (out-of-bounds read) via a crafted PSD file. (CVE-2016-7522)

  - coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via
    a crafted file. (CVE-2016-7523)

  - coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via
    a crafted file. (CVE-2016-7526)

  - The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of
    service (segmentation fault) via a crafted VIFF file. (CVE-2016-7528)

  - coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via
    a crafted XCF file. (CVE-2016-7529)

  - The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-
    zero error or out-of-bounds write) via a crafted file. (CVE-2016-7530)

  - MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds
    write) via a crafted PDB file. (CVE-2016-7531)

  - coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via
    a crafted PSD file. (CVE-2016-7532)

  - The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted WPG file. (CVE-2016-7533)

  - The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds
    access) via a crafted file. (CVE-2016-7534)

  - coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via
    a crafted PSD file. (CVE-2016-7535)

  - MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds
    access) via a crafted PDB file. (CVE-2016-7537)

  - Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of
    service (memory consumption) via unspecified vectors. (CVE-2016-7539)

  - MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service
    (out-of-bounds read) via a crafted file. (CVE-2016-7799)

  - magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-
    free) via a crafted file. (CVE-2016-7906)

  - The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote
    attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
    (CVE-2016-8677)

  - An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's
    convert utility. A crafted TIFF document can lead to an out of bounds write which in particular
    circumstances could be leveraged into remote code execution. The vulnerability can be triggered through
    any user controlled TIFF that is handled by this functionality. (CVE-2016-8707)

  - The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote
    attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
    (CVE-2016-8862)

  - The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows
    remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation
    failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862. (CVE-2016-8866)

  - ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore
    component and might lead to denial of service (CVE-2017-1000445)

  - ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in
    coders/dds.c, which allows attackers to cause a denial of service. (CVE-2017-1000476)

  - In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows
    remote attackers to obtain sensitive information from process memory or possibly have unspecified other
    impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in
    coders/svg.c. (CVE-2017-10928)

  - The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial
    of service (heap-based buffer over-read and application crash) via a crafted MNG image. (CVE-2017-10995)

  - The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can
    cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
    (CVE-2017-11141)

  - The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can
    cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD
    file. (CVE-2017-11166)

  - The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can
    cause memory exhaustion via invalid colors data in the header of a TGA or VST file. (CVE-2017-11170)

  - The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can
    cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. (CVE-2017-11188)

  - The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has
    memory leak vulnerabilities via crafted PNG files. (CVE-2017-11310)

  - In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling
    in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
    (CVE-2017-11352)

  - The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a
    crafted rle file that triggers a huge number_pixels value. (CVE-2017-11360)

  - The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that
    can cause CPU exhaustion via a crafted PES file. (CVE-2017-11446)

  - The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks,
    causing denial of service. (CVE-2017-11447)

  - The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to
    obtain sensitive information from uninitialized memory locations via a crafted file. (CVE-2017-11448)

  - coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob
    sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have
    unspecified other impact via an image received from stdin. (CVE-2017-11449)

  - coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service
    (application crash) or possibly have unspecified other impact via JPEG data that is too short.
    (CVE-2017-11450)

  - The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1
    allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed
    DJVU image. (CVE-2017-11478)

  - The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows
    remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
    (CVE-2017-11505)

  - The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows
    remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file
    condition is not considered. (CVE-2017-11523)

  - The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows
    remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
    (CVE-2017-11524)

  - The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
    remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11525)

  - The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
    remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
    (CVE-2017-11526)

  - The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
    remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11527)

  - The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
    remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11528)

  - The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
    remote attackers to cause a denial of service (memory leak) via a crafted file. (CVE-2017-11529)

  - The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows
    remote attackers to cause a denial of service (memory consumption) via a crafted file. (CVE-2017-11530)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    WriteHISTOGRAMImage() function in coders/histogram.c. (CVE-2017-11531)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    WriteMPCImage() function in coders/mpc.c. (CVE-2017-11532)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
    in the WriteUILImage() function in coders/uil.c. (CVE-2017-11533)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    lite_font_map() function in coders/wmf.c. (CVE-2017-11534)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
    in the WritePSImage() function in coders/ps.c. (CVE-2017-11535)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    WriteJP2Image() function in coders/jp2.c. (CVE-2017-11536)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception
    (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel
    calculation. (CVE-2017-11537)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    WriteOnePNGImage() function in coders/png.c. (CVE-2017-11538)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    ReadOnePNGImage() function in coders/png.c. (CVE-2017-11539)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
    in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
    (CVE-2017-11540)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read
    in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-
    accessor.h. (CVE-2017-11639)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception
    in the WritePTIFImage() function in coders/tiff.c. (CVE-2017-11640)

  - When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the
    ReadMATImage() function in coders/mat.c. (CVE-2017-11644)

  - The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has
    memory leaks involving the quantum_info and clone_info data structures. (CVE-2017-11724)

  - The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to
    cause a denial of service (NULL pointer dereference) via a crafted file. (CVE-2017-11750)

  - The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
    denial of service (memory leak) via a crafted file. (CVE-2017-11751)

  - The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
    denial of service (memory leak) via a crafted file. (CVE-2017-11752)

  - The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers
    to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System
    (FITS) file. (CVE-2017-11753)

  - The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
    denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
    (CVE-2017-11754)

  - The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a
    denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
    (CVE-2017-11755)

  - The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading
    to excessive memory consumption via a crafted DCM file. (CVE-2017-12140)

  - ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related
    to the WriteImage function in MagickCore/constitute.c. (CVE-2017-12418)

  - In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in
    coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
    (CVE-2017-12428)

  - In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in
    coders/miff.c, which allows attackers to cause a denial of service. (CVE-2017-12429)

  - In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in
    coders/pcx.c, which allows attackers to cause a denial of service. (CVE-2017-12432)

  - In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in
    coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in
    memory.c. (CVE-2017-12433)

  - In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in
    coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo
    in image.c. (CVE-2017-12434)

  - In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in
    coders/sun.c, which allows attackers to cause a denial of service. (CVE-2017-12435)

  - ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
    (CVE-2017-12587)

  - ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
    (CVE-2017-12640)

  - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. (CVE-2017-12641)

  - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. (CVE-2017-12642)

  - ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
    (CVE-2017-12643)

  - ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. (CVE-2017-12644)

  - The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of
    service (memory leak) via a crafted file. (CVE-2017-12654)

  - ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. (CVE-2017-12662)

  - ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. (CVE-2017-12663)

  - ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. (CVE-2017-12664)

  - ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. (CVE-2017-12665)

  - ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
    (CVE-2017-12666)

  - The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial
    of service (memory consumption) via a crafted file. (CVE-2017-12691)

  - The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a
    denial of service (memory consumption) via a crafted VIFF file. (CVE-2017-12692)

  - The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial
    of service (memory consumption) via a crafted BMP file. (CVE-2017-12693)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which
    allows attackers to cause a denial of service. (CVE-2017-12805)

  - In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which
    allows attackers to cause a denial of service. (CVE-2017-12806)

  - The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of
    service (CPU consumption) via a crafted file. (CVE-2017-12875)

  - Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a
    denial of service via a crafted file. (CVE-2017-12876)

  - Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows
    remote attackers to cause a denial of service via a crafted file. (CVE-2017-12877)

  - Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows
    remote attackers to cause a denial of service (application crash) or possibly have unspecified other
    impact via a crafted file. (CVE-2017-12983)

  - In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in
    coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13058)

  - In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in
    coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a
    crafted file. (CVE-2017-13059)

  - In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in
    coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-13060)

  - In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal
    in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via
    a crafted file. (CVE-2017-13061)

  - In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c,
    which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted
    file. (CVE-2017-13062)

  - In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in
    coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in
    MagickCore/linked-list.c) via a crafted file. (CVE-2017-13131)

  - In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure
    in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service
    (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. (CVE-2017-13132)

  - In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows
    attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. (CVE-2017-13133)

  - In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function
    SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
    (CVE-2017-13134)

  - In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an
    out-of-bounds read with the MNG CLIP chunk. (CVE-2017-13139)

  - In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows
    remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with
    a width equal to MAGICK_WIDTH_LIMIT. (CVE-2017-13140)

  - In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in
    ReadOnePNGImage in coders/png.c. (CVE-2017-13141)

  - In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because
    there was an insufficient check for short files. (CVE-2017-13142)

  - In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses
    uninitialized data, which might allow remote attackers to obtain sensitive information from process
    memory. (CVE-2017-13143)

  - In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error
    report) if the image dimensions are too large, as demonstrated by use of the mpc coder. (CVE-2017-13144)

  - In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not
    properly validate the channel geometry, leading to a crash. (CVE-2017-13145)

  - In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function
    in coders/mat.c. (CVE-2017-13146)

  - In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage
    function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the
    DestroyImageInfo function in MagickCore/image.c. (CVE-2017-13658)

  - In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in
    MagickCore/draw.c. (CVE-2017-13758)

  - Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through
    7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. (CVE-2017-13768)

  - The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker
    to cause a denial of service (buffer over-read) by sending a crafted JPEG file. (CVE-2017-13769)

  - In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in
    coders/cut.c that could allow an attacker to cause a Denial of Service (in the
    QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image
    file. (CVE-2017-14060)

  - ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive
    because it depends only on a length field in a header. (CVE-2017-14137)

  - In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File)
    check might cause huge CPU consumption. When a crafted PSD file, which claims a large extent field in
    the header but does not contain sufficient backing data, is provided, the loop over length would consume
    huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14172)

  - In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur
    for the addition operation GetQuantumRange(depth)+1 when depth is large, producing a smaller value
    than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large
    max_value value. (CVE-2017-14173)

  - In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of
    File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large length field
    in the header but does not contain sufficient backing data, is provided, the loop over length would
    consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14174)

  - In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File)
    check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns
    fields in the header but does not contain sufficient backing data, is provided, the loop over the rows
    would consume huge CPU resources, since there is no EOF check inside the loop. (CVE-2017-14175)

  - A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote
    attackers to cause a denial of service or code execution via a crafted file. (CVE-2017-14224)

  - A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows
    remote attackers to cause a denial of service via a crafted file. (CVE-2017-14248)

  - ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero
    in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via
    a crafted file. (CVE-2017-14249)

  - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in
    coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14324)

  - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in
    magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in
    coders/mpc.c) via a crafted file. (CVE-2017-14325)

  - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in
    coders/mat.c, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-14326)

  - ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion
    via a crafted wpg image file. (CVE-2017-14341)

  - ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted
    wpg image file. (CVE-2017-14342)

  - ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf
    image file. (CVE-2017-14343)

  - In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache
    nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the
    function GetVirtualPixels in MagickCore/cache.c) via a crafted file. (CVE-2017-14400)

  - The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about
    whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote
    attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and
    application crash) via a crafted file. (CVE-2017-14528)

  - ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. (CVE-2017-14531)

  - ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. (CVE-2017-14532)

  - ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. (CVE-2017-14533)

  - In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in
    coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or
    cause an application crash. (CVE-2017-14607)

  - ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function
    PostscriptDelegateMessage in coders/ps.c. (CVE-2017-14624)

  - GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of
    service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a
    crafted SVG document, a different vulnerability than CVE-2017-10928. (CVE-2017-14682)

  - The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles
    failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer
    Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
    (CVE-2017-14739)

  - The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause
    a denial of service (infinite loop) via a crafted font file. (CVE-2017-14741)

  - A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to
    crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is
    called at an incorrect place in the ImageMagick code. (CVE-2017-14989)

  - ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in
    coders/pdf.c. (CVE-2017-15015)

  - ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
    (CVE-2017-15016)

  - ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
    (CVE-2017-15017)

  - ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2017-15032)

  - ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. (CVE-2017-15033)

  - ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. (CVE-2017-15217)

  - ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. (CVE-2017-15218)

  - ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette
    uninitialized when processing a GIF file that has neither a global nor local palette. If the affected
    product is used as a library loaded into a process that operates on interesting data, this data sometimes
    can be leaked via the uninitialized palette. (CVE-2017-15277)

  - ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service
    (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional
    jump or move depends on uninitialised value(s)." (CVE-2017-15281)

  - The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap
    index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized
    data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
    (CVE-2017-16546)

  - ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in
    Magick++/lib/Image.cpp. (CVE-2017-17499)

  - ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via
    a crafted file, related to ReadOneMNGImage. (CVE-2017-17504)

  - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in
    coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
    (CVE-2017-17680)

  - In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in
    coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image
    file. (CVE-2017-17681)

  - In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in
    coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image
    file that triggers a ReadWPGImage call. (CVE-2017-17682)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage
    in coders/png.c, related to length calculation and caused by an off-by-one error. (CVE-2017-17879)

  - In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage
    in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. (CVE-2017-17880)

  - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in
    coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
    (CVE-2017-17881)

  - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in
    coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
    (CVE-2017-17882)

  - In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in
    coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
    (CVE-2017-17884)

  - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in
    coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
    (CVE-2017-17885)

  - In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in
    coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
    (CVE-2017-17886)

  - In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in
    magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is
    processed by ReadOneMNGImage. (CVE-2017-17887)

  - In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c,
    which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image
    file. (CVE-2017-17914)

  - ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and
    ProcessMSLScript, and associated with mishandling of MSLPushImage calls. (CVE-2017-17934)

  - In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. (CVE-2017-18008)

  - In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
    (CVE-2017-18022)

  - In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in
    coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
    (CVE-2017-18027)

  - In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in
    coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.
    (CVE-2017-18028)

  - In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in
    coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
    (CVE-2017-18029)

  - Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified
    impact via a crafted file. (CVE-2017-5506)

  - Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers
    to cause a denial of service (memory consumption) via vectors involving a pixel cache. (CVE-2017-5507)

  - Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before
    7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
    (CVE-2017-5508)

  - coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file,
    which triggers an out-of-bounds write. (CVE-2017-5509, CVE-2017-5510)

  - coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper
    cast, which triggers a heap-based buffer overflow. (CVE-2017-5511)

  - The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote
    attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per
    pixel value in a CMYKA TIFF file. (CVE-2017-6335)

  - An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer
    dereference (thus, a DoS). (CVE-2017-6497)

  - An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus
    leading to DoS. (CVE-2017-6498)

  - An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested
    exception could lead to a memory leak (thus, a DoS). (CVE-2017-6499)

  - An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer
    over-read. (CVE-2017-6500)

  - An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer
    dereference. (CVE-2017-6501)

  - An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a
    file-descriptor leak in libmagickcore (thus, a DoS). (CVE-2017-6502)

  - The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial
    of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this
    vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. (CVE-2017-7275)

  - coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned
    char" undefined behavior issue, which might allow remote attackers to cause a denial of service
    (application crash) or possibly have unspecified other impact via a crafted image. (CVE-2017-7606)

  - In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of
    the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI,
    ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv. (CVE-2017-7619)

  - The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of
    available memory via a crafted file. (CVE-2017-7941)

  - The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of
    available memory via a crafted file. (CVE-2017-7942)

  - The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of
    available memory via a crafted file. (CVE-2017-7943)

  - In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8343)

  - In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8344)

  - In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8345)

  - In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8346)

  - In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8347)

  - In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8348)

  - In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8349)

  - In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8350)

  - In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8351)

  - In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8352)

  - In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8353)

  - In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8354)

  - In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8355)

  - In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8356)

  - In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-8357)

  - The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability
    which can cause memory exhaustion via a crafted ICON file. (CVE-2017-8765)

  - In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of
    service (memory leak) via a crafted file. (CVE-2017-8830)

  - ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder,
    allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote
    attacks against ImageMagick code in a long-running server process that converts image data on behalf of
    multiple users. This is caused by a missing initialization step in the ReadRLEImage function in
    coders/rle.c. (CVE-2017-9098)

  - In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the
    ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage
    function in coders/dds.c. (CVE-2017-9141)

  - In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in
    MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
    (CVE-2017-9142)

  - In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of
    service (memory leak) via a crafted .art file. (CVE-2017-9143)

  - In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in
    coders/rle.c. (CVE-2017-9144)

  - In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial
    of service (memory leak) via a crafted file. (CVE-2017-9261)

  - In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial
    of service (memory leak) via a crafted file. (CVE-2017-9262)

  - In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of
    service (memory leak) via a crafted file. (CVE-2017-9405)

  - In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-9407)

  - In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service
    (memory leak) via a crafted file. (CVE-2017-9409)

  - In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows
    attackers to cause a denial of service via a crafted file. (CVE-2017-9439)

  - In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which
    allows attackers to cause a denial of service via a crafted file. (CVE-2017-9440)

  - In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes,
    which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9499)

  - In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator,
    which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9500)

  - In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows
    attackers to cause a denial of service via a crafted file. (CVE-2017-9501)

  - In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c
    file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng
    file. (CVE-2018-10177)

  - ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. (CVE-2018-10804)

  - ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. (CVE-2018-10805)

  - In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in
    coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
    (CVE-2018-11656)

  - In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out
    of bounds write via a crafted file. (CVE-2018-12599)

  - In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out
    of bounds write via a crafted file. (CVE-2018-12600)

  - In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
    (CVE-2018-13153)

  - ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. (CVE-2018-14434)

  - ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. (CVE-2018-14435)

  - ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. (CVE-2018-14436)

  - ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. (CVE-2018-14437)

  - In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36
    0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory
    resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could
    leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2018-15607)

  - ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an
    XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process
    that includes sensitive information, that information sometimes can be leaked via the image data.
    (CVE-2018-16323)

  - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in
    MagickCore/log.c. (CVE-2018-16328)

  - In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in
    MagickCore/property.c. (CVE-2018-16329)

  - ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
    (CVE-2018-16640)

  - The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial
    of service via a crafted image file due to an out-of-bounds write. (CVE-2018-16642)

  - The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c,
    and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc
    function, which allows remote attackers to cause a denial of service via a crafted image file.
    (CVE-2018-16643)

  - There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of
    coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a
    crafted image. (CVE-2018-16644)

  - There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and
    ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of
    service via a crafted image file. (CVE-2018-16645)

  - In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an
    attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted
    file. (CVE-2018-16749)

  - In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c
    was found. (CVE-2018-16750)

  - ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. (CVE-2018-17966)

  - ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. (CVE-2018-17967)

  - ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. (CVE-2018-18016)

  - In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c
    file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp
    file. (CVE-2018-18024)

  - There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the
    function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. (CVE-2018-18544)

  - In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang,
    with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial
    of service via a crafted file. (CVE-2018-20467)

  - In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
    (CVE-2018-5246)

  - In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. (CVE-2018-5247)

  - ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. (CVE-2018-5357)

  - In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and
    bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a
    memory leak. This allows remote attackers to cause a denial of service. (CVE-2018-6405)

  - The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other
    products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a
    crafted bmp image. (CVE-2018-6876)

  - A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of
    ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a
    maliciously crafted pict file. (CVE-2018-6930)

  - The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the
    amount of image data in a file, which allows remote attackers to cause a denial of service (memory
    allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). (CVE-2018-7443)

  - An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c
    allows attackers to cause a denial of service (segmentation violation) via a crafted file. (CVE-2018-7470)

  - WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of
    service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact
    via a crafted file. (CVE-2018-8804)

  - An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the
    formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end
    of the buffer or to crash the program. (CVE-2019-10131)

  - In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of
    coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a
    crafted image file. (CVE-2019-10650)

  - LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading
    to a SIGSEGV. (CVE-2019-10714)

  - The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service
    (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This
    occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
    (CVE-2019-11470)

  - ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows
    attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the
    header indicates neither LSB first nor MSB first. (CVE-2019-11472)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of
    coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure
    via a crafted image file. (CVE-2019-11597)

  - In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of
    coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via
    a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. (CVE-2019-11598)

  - A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage
    in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted
    image. (CVE-2019-12974)

  - ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
    (CVE-2019-12975)

  - ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c. (CVE-2019-12976)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the WriteJP2Image function in
    coders/jp2.c. (CVE-2019-12977)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the ReadPANGOImage function in
    coders/pango.c. (CVE-2019-12978)

  - ImageMagick 7.0.8-34 has a use of uninitialized value vulnerability in the SyncImageSettings function in
    MagickCore/image.c. This is related to AcquireImage in magick/image.c. (CVE-2019-12979)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
    (CVE-2019-13133)

  - ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in
    coders/viff.c. (CVE-2019-13134)

  - ImageMagick before 7.0.8-50 has a use of uninitialized value vulnerability in the function ReadCUTImage
    in coders/cut.c. (CVE-2019-13135)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in
    AdaptiveThresholdImage because a width of zero is mishandled. (CVE-2019-13295)

  - ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in
    CLIListOperatorImages in MagickWand/operation.c for a NULL value. (CVE-2019-13296)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in
    AdaptiveThresholdImage because a height of zero is mishandled. (CVE-2019-13297)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in
    SetPixelViaPixelInfo because of a MagickCore/enhance.c error. (CVE-2019-13298)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in
    GetPixelChannel. (CVE-2019-13299)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages
    because of mishandling columns. (CVE-2019-13300)

  - ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
    (CVE-2019-13301)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
    (CVE-2019-13303)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a
    misplaced assignment. (CVE-2019-13304)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a
    misplaced strncpy and an off-by-one error. (CVE-2019-13305)

  - ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of
    off-by-one errors. (CVE-2019-13306)

  - ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages
    because of mishandling rows. (CVE-2019-13307)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage
    error in CLIListOperatorImages in MagickWand/operation.c. (CVE-2019-13309)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in
    MagickWand/mogrify.c. (CVE-2019-13310)

  - ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
    (CVE-2019-13311)

  - ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
    (CVE-2019-13454)

  - In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in
    the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14980)

  - In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in
    the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
    (CVE-2019-14981)

  - The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows
    attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in
    ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than
    CVE-2019-11472. (CVE-2019-15139)

  - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-
    free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that
    is mishandled in ReadImage in MagickCore/constitute.c. (CVE-2019-15140)

  - WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service
    (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to
    TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in
    tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
    (CVE-2019-15141)

  - ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. (CVE-2019-16708)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. (CVE-2019-16709)

  - ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in
    MagickCore/memory.c. (CVE-2019-16710)

  - ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. (CVE-2019-16711)

  - ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by
    WritePS3Image. (CVE-2019-16712)

  - ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in
    MagickCore/constitute.c. (CVE-2019-16713)

  - ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
    (CVE-2019-17540)

  - ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the
    error manager is mishandled in coders/jpeg.c. (CVE-2019-17541)

  - ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is
    not properly restricted in coders/svg.c, related to SVG and libxml2. (CVE-2019-18853)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of
    coders/sgi.c. (CVE-2019-19948)

  - In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of
    coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. (CVE-2019-19949)

  - In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. (CVE-2019-7175)

  - In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in
    WritePDFImage in coders/pdf.c. (CVE-2019-7397)

  - In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. (CVE-2019-7398)

  - In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of
    coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image
    file. (CVE-2019-9956)

  - ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in
    MagickCore/string.c during TIFF image decoding. (CVE-2020-13902)

  - Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick
    7.0.10-7. (CVE-2020-19667)

  - A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a
    subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was
    called. This could occur if an attacker is able to submit a malicious image file to be processed by
    ImageMagick and could lead to denial of service. It likely would not lead to anything further because the
    memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior
    to 7.0.9-0. (CVE-2020-25663)

  - In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and
    memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is
    called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially
    crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick
    versions prior to 6.9.10-68 and 7.0.8-68. (CVE-2020-25664)

  - The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine
    WritePALMImage() because it needs to be offset by 256. This can cause an out-of-bounds read later on in the
    routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause
    impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-25665)

  - There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible
    during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch
    uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application
    reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick
    versions prior to 7.0.9-0. (CVE-2020-25666)

  - TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it
    searches for `dc:format="image/dng"` within `profile` due to improper string handling, when a crafted
    input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to
    remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick
    versions prior to 7.0.9-0. (CVE-2020-25667)

  - WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that
    can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the
    colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass
    invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to
    MagickMin() to ensure the proper value is used. This could impact application availability when a
    specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to
    7.0.8-68. (CVE-2020-25674)

  - In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations
    performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow
    and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative
    impact to application availability or other problems related to undefined behavior, in cases where
    ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the
    pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
    (CVE-2020-25675)

  - In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and
    InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained
    pixel offset calculations which were being used with the floor() function. These calculations produced
    undefined behavior in the form of out-of-range and integer overflows, as identified by
    UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is
    able to supply a crafted input file to be processed by ImageMagick. These issues could impact application
    availability or potentially cause other problems related to undefined behavior. This flaw affects
    ImageMagick versions prior to 7.0.9-0. (CVE-2020-25676)

  - ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may
    cause a denial of service. (CVE-2020-27560)

  - A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker
    who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form
    of values outside the range of type `unsigned char` and math division by zero. This would most likely lead
    to an impact to application availability, but could potentially cause other problems related to undefined
    behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27750)

  - A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file
    that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range
    of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would
    most likely lead to an impact to application availability, but could potentially cause other problems
    related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27751)

  - A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file
    that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an
    impact to application availability, but could potentially lead to an impact to data integrity as well.
    This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27752)

  - There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values,
    which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact
    to application availability or cause a denial of service. It was originally reported that the issues were
    in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves
    issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This
    flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27753)

  - In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return
    overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the
    patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be
    within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to
    6.9.10-69 and 7.0.8-69. (CVE-2020-27754)

  - In SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because
    the code which checks for the proper image depth size does not reset the size in the event there is an
    invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak
    can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to
    application reliability, such as denial of service. This flaw affects ImageMagick versions prior to
    7.0.9-0. (CVE-2020-27755)

  - In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-
    by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input
    file processed by ImageMagick and could impact application availability. The patch uses multiplication in
    addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions.
    This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27756)

  - A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to
    undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be
    triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat
    Product Security marked this as Low because although it could potentially lead to an impact to application
    availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to
    7.0.8-68. (CVE-2020-27757)

  - A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed
    by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned
    long long`. This would most likely lead to an impact to application availability, but could potentially
    cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
    7.0.8-68. (CVE-2020-27758)

  - In IntensityCompare() of /MagickCore/quantize.c, a double value was being cast to int and returned,
    which in some cases caused a value outside the range of type `int` to be returned. The flaw could be
    triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product
    Security marked this as Low severity because although it could potentially lead to an impact to
    application availability, no specific impact was shown in this case. This flaw affects ImageMagick
    versions prior to 7.0.8-68. (CVE-2020-27759)

  - In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a
    divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an
    impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-
    zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
    (CVE-2020-27760)

  - WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to
    values outside the representable range of type `unsigned long` (undefined behavior) when a crafted input
    file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat
    Product Security marked the Severity as Low because although it could potentially lead to an impact to
    application availability, no specific impact was shown in this case. This flaw affects ImageMagick
    versions prior to ImageMagick 7.0.9-0. (CVE-2020-27761)

  - A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed
    by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned
    char`. This would most likely lead to an impact to application availability, but could potentially cause
    other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick
    7.0.8-68. (CVE-2020-27762)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would
    most likely lead to an impact to application availability, but could potentially cause other problems
    related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. (CVE-2020-27763)

  - In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should
    have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input
    file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it
    could potentially lead to an impact to application availability, no specific impact was shown in this
    case. This flaw affects ImageMagick versions prior to 6.9.10-69. (CVE-2020-27764)

  - A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would
    most likely lead to an impact to application availability, but could potentially cause other problems
    related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27765)

  - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type
    `unsigned long`. This would most likely lead to an impact to application availability, but could
    potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions
    prior to 7.0.8-69. (CVE-2020-27766)

  - A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types
    `float` and `unsigned char`. This would most likely lead to an impact to application availability, but
    could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick
    versions prior to 7.0.9-0. (CVE-2020-27767)

  - In ImageMagick, there is a value outside the range of representable values of type 'unsigned int' at
    MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27768)

  - In ImageMagick versions before 7.0.9-0, there are values outside the range of representable values of type
    'float' at MagickCore/quantize.c. (CVE-2020-27769)

  - Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in
    SubstituteString(), causing potential impact to application availability. This could be triggered by a
    crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to
    7.0.8-68. (CVE-2020-27770)

  - In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could
    result in values outside the representable range of the unsigned char type. The patch casts the return
    value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered
    when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity
    because although it could potentially lead to an impact to application availability, no specific impact
    was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. (CVE-2020-27771)

  - A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed
    by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned
    int`. This would most likely lead to an impact to application availability, but could potentially cause
    other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
    (CVE-2020-27772)

  - A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that
    is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of
    type `unsigned char` or division by zero. This would most likely lead to an impact to application
    availability, but could potentially cause other problems related to undefined behavior. This flaw affects
    ImageMagick versions prior to 7.0.9-0. (CVE-2020-27773)

  - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type
    `ssize_t`. This would most likely lead to an impact to application availability, but could potentially
    cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
    7.0.9-0. (CVE-2020-27774)

  - A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type
    unsigned char. This would most likely lead to an impact to application availability, but could potentially
    cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
    7.0.9-0. (CVE-2020-27775)

  - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type
    `unsigned long`. This would most likely lead to an impact to application availability, but could potentially
    cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to
    7.0.9-0. (CVE-2020-27776)

  - A heap-based buffer overflow in coders/tiff.c may result in program crash and denial of service in
    ImageMagick before 7.0.10-45. (CVE-2020-27829)

  - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows
    setting a password for password-protected PDF files. The user-controlled password was not properly
    escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
    (CVE-2020-29599)

  - A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an
    attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through
    a division by zero. The highest threat from this vulnerability is to system availability. (CVE-2021-20176)

  - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn
    by its CNA. Further investigation showed that it was not a security issue. Notes: none (CVE-2021-20189)

  - A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed
    by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat
    from this vulnerability is to system availability. (CVE-2021-20241)

  - A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The
    highest threat from this vulnerability is to system availability. (CVE-2021-20243)

  - A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file
    that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero.
    The highest threat from this vulnerability is to system availability. (CVE-2021-20244)

  - A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed
    by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat
    from this vulnerability is to system availability. (CVE-2021-20245)

  - A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is
    processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The
    highest threat from this vulnerability is to system availability. (CVE-2021-20246)

  - A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz()
    of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an
    attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is
    to system availability. (CVE-2021-20310)

  - A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in
    sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image
    file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat
    from this vulnerability is to system availability. (CVE-2021-20311)

  - A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of
    coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an
    attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is
    to system availability. (CVE-2021-20312)

  - A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage()
    in coders/svg.c. This issue is due to not checking the return value from libxml2's
    xmlCreatePushParserCtxt() and using the value directly, which leads to a crash and segmentation fault.
    (CVE-2021-3596)

  - ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you
    may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and
    in certain cases, Postscript files could be read and written when specifically excluded by a `module`
    policy in `policy.xml`, e.g. <policy domain='module' rights='none' pattern='PS' />. The issue has been
    resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module`
    policy and instead use the `coder` policy that is also our workaround recommendation: <policy
    domain='coder' rights='none' pattern='{PS,EPI,EPS,EPSF,EPSI}' />. (CVE-2021-39212)

  - A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads
    to a denial of service. This flaw allows an attacker to crash the system. (CVE-2021-4219)

  - In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in
    MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This
    was fixed in upstream ImageMagick version 7.1.0-30. (CVE-2022-2719)

  - A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type
    'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative
    impact to application availability or other problems related to undefined behavior. (CVE-2022-32546)

  - In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment,
    and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or
    untrusted input is processed by ImageMagick, this causes a negative impact to application availability or
    other problems related to undefined behavior. (CVE-2022-32547)

  - ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize),
    the convert process could be left waiting for stdin input. (CVE-2022-44267)

  - ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for
    resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary
    has permissions to read it). (CVE-2022-44268)

  - A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of
    service via the identify -help command. (CVE-2022-48541)

  - A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a
    segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to
    a segmentation fault, generating many trash files in /tmp, resulting in a denial of service. When
    ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file
    contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of
    size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will
    generate about 10G. (CVE-2023-1289)

  - A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the
    application crashing. (CVE-2023-2157)

  - A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting
    double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). (CVE-2023-34151)

  - A vulnerability was found in ImageMagick. This security flaw causes a shell command injection
    vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. (CVE-2023-34153)

  - A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow
    a local attacker to trick the user into opening a specially crafted file, resulting in an application
    crash and denial of service. (CVE-2023-3428)

  - A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in
    quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially
    crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a
    denial of service. (CVE-2023-3745)

  - ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in
    Magick::Draw. (CVE-2023-39978)

  - A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. (CVE-2023-5341)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19952");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ImageMagick");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
  exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'ImageMagick', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'ImageMagick'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ImageMagick');
}

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
| redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
| redhat | enterprise_linux | imagemagick | p-cpe:/a:redhat:enterprise_linux:imagemagick |

References