Linux Distros Unpatched Vulnerability : CVE-2026-28686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow...

Linux Distros Unpatched Vulnerability : CVE-2020-25666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb...

Linux Distros Unpatched Vulnerability : CVE-2020-25665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can...

CVE-2020-27757

A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by...

Heap overflow

WriteOnePNGImage from coders/png.c the PNG coder has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times,...

Design/Logic Flaw

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...

CVE-2020-25666

There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and count value for a color. The patch uses casts to ssizet type for these calculations, instead of int. This flaw could impact...

CVE-2020-25675

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...

CVE-2020-27756

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...

CVE-2020-25676

In CatromWeights, MeshInterpolate, InterpolatePixelChannel, InterpolatePixelChannels, and InterpolatePixelInfo, which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor function. These calculations produced...

Input validation

In RestoreMSCWarning of /coders/pdf.c there are several areas where calls to GetPixelIndex could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex to ssizet type to avoid this bug. This undefined behavior could be...

CVE-2020-27765

A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause...

CVE-2020-27773

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. This would most likely lead to an impact to...

CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

CVE-2020-27759

In IntensityCompare of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type int to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat...

CVE-2020-27759

In IntensityCompare of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type int to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat...

PT-2017-12931 · Imagemagick +2 · Imagemagick +2

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.7-10 Description: The issue causes a crash when image dimensions are too large, instead of reporting a "width or height exceeds limit" error. This can be demonstrated using the mpc coder. Recommendations: For...

CVE-2006-5868

Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image...