SUSE CVE-2014-9824

Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825...

SUSE CVE-2015-0811

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service out-of-bounds read via an image that is improperly handled during transformation...

SUSE CVE-2015-8898

The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted image file...

SUSE CVE-2016-6235

The setupimginfojpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service segmentation fault via a crafted jpeg file...

SUSE CVE-2016-7516

The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted VIFF file...

SUSE CVE-2016-10065

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service application crash or have other unspecified impact via a crafted file...

SUSE CVE-2017-5014

Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

SUSE CVE-2017-11339

There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack...

SUSE CVE-2017-13132

In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service assertion failure in WriteBlobStream in MagickCore/blob.c via a crafted file...

SUSE CVE-2017-15016

ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c...

SUSE CVE-2017-15281

ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised values."...

SUSE CVE-2018-20467

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...

SUSE CVE-2019-13295

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled...

SUSE CVE-2020-6624

jhead through 3.04 has a heap-based buffer over-read in processDQT in jpgqguess.c...

SUSE CVE-2020-25664

In WriteOnePNGImage of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory and memset allows for an out-of-bounds write later when PopShortPixel from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply ...

SUSE CVE-2020-27770

Due to a missing check for 0 value of replaceextent, it is possible for offset p to overflow in SubstituteString, causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to...

SUSE CVE-2021-3596

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt and uses the value directly, which leads to a crash and segmentation fault...

SUSE CVE-2021-20291

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...

SUSE CVE-2021-20310

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from thi...

SUSE CVE-2021-20312

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...