503 matches found
Remote Code Execution (RCE)
ImageMagick is vulnerable to remote code execution (RCE). The library does not sanitize certain user inputs, allowing a malicious user to pass a malicious image to the system for file conversion to trigger the execution of arbitrary code. This is also known as the ImageTragick vulnerability...
GhostScript Sandbox Bypass Vulnerability
GhostScript is an interpreter for PostScript and Portable Document Format (PDF) files. A sandbox bypass vulnerability exists in GhostScript. An attacker can cause command execution by constructing malicious image content...
Cisco IOS XE Software Digital Signature Authentication Bypass Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A digital signature verification bypass vulnerability exists in the Image Verification feature of Cisco IOS XE Software, which arises from a failure of the affected software to properly verify the electronic...
Denial Of Service (DoS)
ImageMagick is vulnerable to a denial of service (DoS) attack. The attack exists because of the failure to check the length of the image against GetBlobSize(image) in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c, allowing the attacker to trigger the attack sending a...
GhostScript Sandbox Bypass (Command Execution) Vulnerability
GhostScript is an interpreter for PostScript and Portable Document Format (PDF) files. GhostScript is vulnerable to a sandbox bypass command execution vulnerability that can be caused by constructing malicious image content...
CVE-2017-2575
A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG...
Denial Of Service (DoS)
ImageMagick is vulnerable to a denial of service (DoS) attack. Sending a malicious image file to the ReadTXTImage function in coders/txt.c leads to huge CPU consumption...
CVE-2018-8815
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image...
CVE-2018-7188
An XSS vulnerability via an SVG image in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial of service (DoS) attacks. When attackers input malicious image files, it causes a NULL pointer dereference issue in the ReadCUTImage function in coders/cut.c...
ImageMagick Remote Code Execution Vulnerability (CNVD-2017-25059)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A remote code execution vulnerability exists in the 'ReadOneMNGImage' function in the coders/png.c file in versions of...
CVE-2017-11347
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...
Remote code execution
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...
CVE-2016-4383
An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation: For this flaw to be...
Denial Of Service (DoS) Via Memory Leak
ImageMagick is vulnerable to denial of service (DoS). This is because the ReadJNGImage function in png.c allows attackers to cause a memory leak via a malicious image file...
Denial Of Service (DoS)
ImageMagick is vulnerable to denial-of-service (DoS) attacks. The library contains a double free bug, allowing a malicious user to pass a malicious image to the system and cause the system to crash...
Arbitrary File Deletion
ImageMagick is vulnerable to arbitrary file deletion. A malicious user can exploit the library's ephemeral protocol and send a malicious image to the system, allowing the malicious user to delete arbitrary files...
Denial Of Service (DoS) Through A Buffer Overflow
ImageMagick is vulnerable to buffer overflows. A malicious user can use the buffer overflow to trigger a denial of service via a malicious image...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host...