LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2003-0555
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0555
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2004-0802
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0802
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2004-0817
CVE STATUS: Patched
CVE SUMMARY: Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0817
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2004-0827
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0827
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2004-0981
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0981
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-0005
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0005
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-0397
CVE STATUS: Patched
CVE SUMMARY: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0397
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-0759
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0759
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-0760
CVE STATUS: Patched
CVE SUMMARY: The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0760
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-0761
CVE STATUS: Patched
CVE SUMMARY: Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0761
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-0762
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0762
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-1275
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1275
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-1739
CVE STATUS: Patched
CVE SUMMARY: The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1739
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-3582
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3582
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2005-4601
CVE STATUS: Patched
CVE SUMMARY: The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4601
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-0082
CVE STATUS: Patched
CVE SUMMARY: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0082
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-2440
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2440
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-3743
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3743
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-3744
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-3744
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-4144
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4144
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-5456
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:H/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5456
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2006-5868
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in ImageMagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5868
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2007-0770
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-0770
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2007-1797
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1797
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2007-4985
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4985
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2007-4986
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4986
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2007-4987
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4987
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2007-4988
CVE STATUS: Patched
CVE SUMMARY: Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4988
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2008-1096
CVE STATUS: Patched
CVE SUMMARY: The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1096
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2008-1097
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1097
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2009-1882
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1882
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2010-4167
CVE STATUS: Patched
CVE SUMMARY: Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:M/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4167
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-0247
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0247
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-0248
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0248
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-0259
CVE STATUS: Patched
CVE SUMMARY: The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0259
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-0260
CVE STATUS: Patched
CVE SUMMARY: The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0260
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-1185
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1185
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-1186
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1186
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-1610
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1610
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-1798
CVE STATUS: Patched
CVE SUMMARY: The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1798
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2012-3437
CVE STATUS: Patched
CVE SUMMARY: The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3437
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2013-4298
CVE STATUS: Patched
CVE SUMMARY: The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4298
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-1947
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different vulnerability than CVE-2014-2030.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1947
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-1958
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-2030.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1958
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-2030
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2030
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-8354
CVE STATUS: Patched
CVE SUMMARY: The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8354
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-8355
CVE STATUS: Patched
CVE SUMMARY: PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8355
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-8561
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.8.9.6 has a remote DoS via an infinite loop.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8561
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-8562
CVE STATUS: Patched
CVE SUMMARY: DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8562
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-8716
CVE STATUS: Patched
CVE SUMMARY: The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 6.2
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8716
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9804
CVE STATUS: Unpatched
CVE SUMMARY: vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9804
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9805
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9805
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9806
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9806
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9807
CVE STATUS: Unpatched
CVE SUMMARY: The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9807
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9808
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9808
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9809
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9809
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9810
CVE STATUS: Unpatched
CVE SUMMARY: The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9810
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9811
CVE STATUS: Unpatched
CVE SUMMARY: The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9811
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9812
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9812
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9813
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9813
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9814
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9814
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9815
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9815
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9816
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9816
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9817
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9817
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9818
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9818
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9819
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9819
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9820
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9820
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9821
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9821
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9822
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9822
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9823
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9823
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9824
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9824
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9825
CVE STATUS: Unpatched
CVE SUMMARY: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9825
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9826
CVE STATUS: Unpatched
CVE SUMMARY: ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9826
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9827
CVE STATUS: Unpatched
CVE SUMMARY: coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9827
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9828
CVE STATUS: Unpatched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9828
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9829
CVE STATUS: Unpatched
CVE SUMMARY: coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9829
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9830
CVE STATUS: Unpatched
CVE SUMMARY: coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9830
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9831
CVE STATUS: Unpatched
CVE SUMMARY: coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9831
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9832
CVE STATUS: Patched
CVE SUMMARY: Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9832
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9833
CVE STATUS: Patched
CVE SUMMARY: Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9833
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9834
CVE STATUS: Patched
CVE SUMMARY: Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9834
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9835
CVE STATUS: Patched
CVE SUMMARY: Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9835
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9836
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9836
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9837
CVE STATUS: Patched
CVE SUMMARY: coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9837
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9838
CVE STATUS: Patched
CVE SUMMARY: magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9838
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9839
CVE STATUS: Patched
CVE SUMMARY: magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9839
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9840
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9840
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9841
CVE STATUS: Patched
CVE SUMMARY: The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9841
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9842
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9842
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9843
CVE STATUS: Patched
CVE SUMMARY: The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9843
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9844
CVE STATUS: Patched
CVE SUMMARY: The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9844
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9845
CVE STATUS: Patched
CVE SUMMARY: The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9845
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9846
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9846
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9847
CVE STATUS: Patched
CVE SUMMARY: The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9847
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9848
CVE STATUS: Unpatched
CVE SUMMARY: Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9848
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9849
CVE STATUS: Patched
CVE SUMMARY: The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9849
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9850
CVE STATUS: Patched
CVE SUMMARY: Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9850
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9851
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9851
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9852
CVE STATUS: Unpatched
CVE SUMMARY: distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9852
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9853
CVE STATUS: Unpatched
CVE SUMMARY: Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9853
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9854
CVE STATUS: Unpatched
CVE SUMMARY: coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9854
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9907
CVE STATUS: Unpatched
CVE SUMMARY: coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9907
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2014-9915
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9915
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8894
CVE STATUS: Patched
CVE SUMMARY: Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8894
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8895
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8895
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8896
CVE STATUS: Patched
CVE SUMMARY: Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8896
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8897
CVE STATUS: Patched
CVE SUMMARY: The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8897
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8898
CVE STATUS: Patched
CVE SUMMARY: The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8898
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8900
CVE STATUS: Patched
CVE SUMMARY: The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8900
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8901
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8901
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8902
CVE STATUS: Patched
CVE SUMMARY: The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8902
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8903
CVE STATUS: Patched
CVE SUMMARY: The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8903
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8957
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8957
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8958
CVE STATUS: Patched
CVE SUMMARY: coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8958
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2015-8959
CVE STATUS: Patched
CVE SUMMARY: coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8959
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10046
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10046
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10047
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10047
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10048
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10048
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10049
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10049
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10050
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10050
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10051
CVE STATUS: Patched
CVE SUMMARY: Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10051
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10052
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10052
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10053
CVE STATUS: Patched
CVE SUMMARY: The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10053
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10054
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10054
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10055
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10055
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10056
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10056
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10057
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10057
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10058
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10058
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10059
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10059
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10060
CVE STATUS: Patched
CVE SUMMARY: The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10060
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10061
CVE STATUS: Patched
CVE SUMMARY: The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10061
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10062
CVE STATUS: Unpatched
CVE SUMMARY: The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10062
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10063
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10063
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10064
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10064
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10065
CVE STATUS: Patched
CVE SUMMARY: The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10065
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10066
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10066
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10067
CVE STATUS: Patched
CVE SUMMARY: magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10067
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10068
CVE STATUS: Patched
CVE SUMMARY: The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10068
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10069
CVE STATUS: Patched
CVE SUMMARY: coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10069
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10070
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10070
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10071
CVE STATUS: Patched
CVE SUMMARY: coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10071
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10144
CVE STATUS: Unpatched
CVE SUMMARY: coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10144
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10145
CVE STATUS: Unpatched
CVE SUMMARY: Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10145
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10146
CVE STATUS: Unpatched
CVE SUMMARY: Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10146
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-10252
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as used in ODR-PadEnc and other products, allows attackers to trigger memory consumption.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10252
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-3714
CVE STATUS: Patched
CVE SUMMARY: The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 8.4
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3714
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-3715
CVE STATUS: Patched
CVE SUMMARY: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3715
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-3716
CVE STATUS: Patched
CVE SUMMARY: The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3716
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-3717
CVE STATUS: Patched
CVE SUMMARY: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:C/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3717
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-3718
CVE STATUS: Patched
CVE SUMMARY: The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3718
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-4562
CVE STATUS: Patched
CVE SUMMARY: The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4562
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-4563
CVE STATUS: Patched
CVE SUMMARY: The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4563
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-4564
CVE STATUS: Patched
CVE SUMMARY: The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4564
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5010
CVE STATUS: Patched
CVE SUMMARY: coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5010
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5118
CVE STATUS: Unpatched
CVE SUMMARY: The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5118
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5239
CVE STATUS: Patched
CVE SUMMARY: The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5239
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5687
CVE STATUS: Patched
CVE SUMMARY: The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5687
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5688
CVE STATUS: Patched
CVE SUMMARY: The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5688
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5689
CVE STATUS: Patched
CVE SUMMARY: The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5689
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5690
CVE STATUS: Patched
CVE SUMMARY: The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5690
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5691
CVE STATUS: Patched
CVE SUMMARY: The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5691
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5841
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5841
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-5842
CVE STATUS: Patched
CVE SUMMARY: MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5842
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-6491
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6491
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-6520
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6520
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-6823
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6823
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7101
CVE STATUS: Patched
CVE SUMMARY: The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7101
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7513
CVE STATUS: Unpatched
CVE SUMMARY: Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7513
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7514
CVE STATUS: Unpatched
CVE SUMMARY: The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7514
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7515
CVE STATUS: Patched
CVE SUMMARY: The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7515
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7516
CVE STATUS: Patched
CVE SUMMARY: The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7516
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7517
CVE STATUS: Patched
CVE SUMMARY: The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7517
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7518
CVE STATUS: Patched
CVE SUMMARY: The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7518
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7519
CVE STATUS: Patched
CVE SUMMARY: The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7519
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7520
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7520
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7521
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7521
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7522
CVE STATUS: Patched
CVE SUMMARY: The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7522
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7523
CVE STATUS: Patched
CVE SUMMARY: coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7523
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7524
CVE STATUS: Patched
CVE SUMMARY: coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7524
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7525
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7525
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7526
CVE STATUS: Patched
CVE SUMMARY: coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7526
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7527
CVE STATUS: Patched
CVE SUMMARY: coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7527
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7528
CVE STATUS: Patched
CVE SUMMARY: The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7528
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7529
CVE STATUS: Patched
CVE SUMMARY: coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7529
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7530
CVE STATUS: Patched
CVE SUMMARY: The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7530
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7531
CVE STATUS: Unpatched
CVE SUMMARY: MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7531
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7532
CVE STATUS: Unpatched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7532
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7533
CVE STATUS: Patched
CVE SUMMARY: The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7533
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7534
CVE STATUS: Patched
CVE SUMMARY: The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7534
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7535
CVE STATUS: Patched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7535
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7536
CVE STATUS: Patched
CVE SUMMARY: magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7536
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7537
CVE STATUS: Patched
CVE SUMMARY: MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7537
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7538
CVE STATUS: Unpatched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7538
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7539
CVE STATUS: Patched
CVE SUMMARY: Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7539
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7540
CVE STATUS: Patched
CVE SUMMARY: coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7540
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7799
CVE STATUS: Patched
CVE SUMMARY: MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7799
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-7906
CVE STATUS: Patched
CVE SUMMARY: magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7906
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-8677
CVE STATUS: Patched
CVE SUMMARY: The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8677
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-8678
CVE STATUS: Patched
CVE SUMMARY: The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8678
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-8707
CVE STATUS: Patched
CVE SUMMARY: An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8707
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-8862
CVE STATUS: Patched
CVE SUMMARY: The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8862
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-8866
CVE STATUS: Patched
CVE SUMMARY: The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8866
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-9298
CVE STATUS: Patched
CVE SUMMARY: Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9298
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-9556
CVE STATUS: Patched
CVE SUMMARY: The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9556
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-9559
CVE STATUS: Patched
CVE SUMMARY: coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9559
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2016-9773
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9773
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-1000445
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-1 and older versions are vulnerable to a null pointer dereference in the MagickCore component, which might lead to denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000445
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-1000476
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000476
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-10928
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10928
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-10995
CVE STATUS: Patched
CVE SUMMARY: The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10995
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11141
CVE STATUS: Patched
CVE SUMMARY: The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11141
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11166
CVE STATUS: Patched
CVE SUMMARY: The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11166
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11170
CVE STATUS: Patched
CVE SUMMARY: The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11170
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11188
CVE STATUS: Patched
CVE SUMMARY: The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11188
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11310
CVE STATUS: Patched
CVE SUMMARY: The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11310
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11352
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11352
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11360
CVE STATUS: Patched
CVE SUMMARY: The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11360
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11446
CVE STATUS: Patched
CVE SUMMARY: The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11446
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11447
CVE STATUS: Patched
CVE SUMMARY: The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11447
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11448
CVE STATUS: Patched
CVE SUMMARY: The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11448
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11449
CVE STATUS: Patched
CVE SUMMARY: coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11449
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11450
CVE STATUS: Patched
CVE SUMMARY: coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11450
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11478
CVE STATUS: Patched
CVE SUMMARY: The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11478
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11505
CVE STATUS: Patched
CVE SUMMARY: The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11505
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11522
CVE STATUS: Patched
CVE SUMMARY: The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11522
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11523
CVE STATUS: Patched
CVE SUMMARY: The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11523
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11524
CVE STATUS: Patched
CVE SUMMARY: The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11524
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11525
CVE STATUS: Patched
CVE SUMMARY: The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11525
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11526
CVE STATUS: Patched
CVE SUMMARY: The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11526
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11527
CVE STATUS: Patched
CVE SUMMARY: The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11527
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11528
CVE STATUS: Patched
CVE SUMMARY: The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11528
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11529
CVE STATUS: Patched
CVE SUMMARY: The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11529
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11530
CVE STATUS: Patched
CVE SUMMARY: The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11530
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11531
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11531
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11532
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11532
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11533
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11533
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11534
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11534
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11535
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11535
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11536
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11536
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11537
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11537
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11538
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11538
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11539
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11539
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11540
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11540
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11639
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11639
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11640
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11640
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11644
CVE STATUS: Patched
CVE SUMMARY: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11644
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11724
CVE STATUS: Patched
CVE SUMMARY: The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11724
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11750
CVE STATUS: Patched
CVE SUMMARY: The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11750
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11751
CVE STATUS: Patched
CVE SUMMARY: The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11751
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11752
CVE STATUS: Patched
CVE SUMMARY: The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11752
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11753
CVE STATUS: Patched
CVE SUMMARY: The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11753
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11754
CVE STATUS: Patched
CVE SUMMARY: The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11754
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-11755
CVE STATUS: Patched
CVE SUMMARY: The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11755
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12140
CVE STATUS: Patched
CVE SUMMARY: The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12140
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12418
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12418
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12427
CVE STATUS: Patched
CVE SUMMARY: The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12427
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12428
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12428
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12429
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12429
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12430
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12430
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12431
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12431
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12432
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12432
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12433
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12433
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12434
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12434
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12435
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12435
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12563
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12563
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12564
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12564
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12565
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12565
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12566
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12566
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12587
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12587
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12640
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12640
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12641
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12641
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12642
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12642
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12643
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12643
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12644
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12644
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12654
CVE STATUS: Patched
CVE SUMMARY: The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12654
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12662
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12662
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12663
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12663
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12664
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12664
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12665
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12665
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12666
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12666
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12667
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12667
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12668
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12668
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12669
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12669
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12670
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12670
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12671
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12671
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12672
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12672
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12673
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12673
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12674
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12674
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12675
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12675
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12676
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12676
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12691
CVE STATUS: Patched
CVE SUMMARY: The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12691
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12692
CVE STATUS: Patched
CVE SUMMARY: The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12692
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12693
CVE STATUS: Patched
CVE SUMMARY: The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12693
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12805
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12805
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12806
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12806
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12875
CVE STATUS: Patched
CVE SUMMARY: The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12875
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12876
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12876
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12877
CVE STATUS: Patched
CVE SUMMARY: Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12877
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-12983
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12983
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13058
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13058
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13059
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13059
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13060
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13060
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13061
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13061
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13062
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13062
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13131
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13131
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13132
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13132
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13133
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13133
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13134
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13134
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13139
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13139
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13140
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13140
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13141
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13141
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13142
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13142
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13143
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13143
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13144
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13144
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13145
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13145
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13146
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13146
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13658
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13658
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13758
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13758
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13768
CVE STATUS: Patched
CVE SUMMARY: Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13768
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-13769
CVE STATUS: Patched
CVE SUMMARY: The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13769
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14060
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14060
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14137
CVE STATUS: Patched
CVE SUMMARY: ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14137
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14138
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14138
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14139
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14139
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14172
CVE STATUS: Patched
CVE SUMMARY: In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14172
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14173
CVE STATUS: Patched
CVE SUMMARY: In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14173
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14174
CVE STATUS: Patched
CVE SUMMARY: In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14174
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14175
CVE STATUS: Patched
CVE SUMMARY: In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14175
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14224
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14224
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14248
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14248
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14249
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14249
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14324
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14324
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14325
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14325
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14326
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14326
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14341
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14341
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14342
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14342
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14343
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14343
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14400
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14400
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14505
CVE STATUS: Patched
CVE SUMMARY: DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14505
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14528
CVE STATUS: Patched
CVE SUMMARY: The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14528
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14531
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14531
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14532
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14532
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14533
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14533
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14607
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14607
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14624
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14624
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14625
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14625
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14626
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14626
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14682
CVE STATUS: Patched
CVE SUMMARY: GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14682
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14684
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14684
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14739
CVE STATUS: Patched
CVE SUMMARY: The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14739
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14741
CVE STATUS: Patched
CVE SUMMARY: The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14741
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-14989
CVE STATUS: Patched
CVE SUMMARY: A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14989
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15015
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15015
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15016
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15016
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15017
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15017
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15032
CVE STATUS: Patched
CVE SUMMARY: ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15032
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15033
CVE STATUS: Patched
CVE SUMMARY: ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15033
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15217
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15217
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15218
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15218
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15277
CVE STATUS: Patched
CVE SUMMARY: ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15277
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-15281
CVE STATUS: Patched
CVE SUMMARY: ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15281
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-16546
CVE STATUS: Patched
CVE SUMMARY: The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16546
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17499
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17499
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17504
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17504
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17680
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17680
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17681
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17681
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17682
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17682
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17879
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17879
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17880
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17880
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17881
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17881
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17882
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17882
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17883
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17883
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17884
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17884
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17885
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17885
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17886
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17886
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17887
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17887
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17914
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17914
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-17934
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17934
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18008
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18008
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18022
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18022
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18027
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18027
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18028
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18028
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18029
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18029
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18209
CVE STATUS: Patched
CVE SUMMARY: In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18209
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18210
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18210
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18211
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18211
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18250
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18250
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18251
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18251
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18252
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18252
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18253
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18253
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18254
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18254
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18271
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18271
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18272
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18272
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-18273
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18273
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-5506
CVE STATUS: Unpatched
CVE SUMMARY: Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5506
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-5507
CVE STATUS: Patched
CVE SUMMARY: Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5507
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-5508
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5508
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-5509
CVE STATUS: Patched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5509
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-5510
CVE STATUS: Patched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5510
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-5511
CVE STATUS: Patched
CVE SUMMARY: coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5511
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-6497
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6497
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-6498
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6498
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-6499
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6499
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-6500
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6500
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-6501
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6501
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-6502
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6502
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-7275
CVE STATUS: Patched
CVE SUMMARY: The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7275
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-7606
CVE STATUS: Patched
CVE SUMMARY: coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7606
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-7619
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7619
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-7941
CVE STATUS: Patched
CVE SUMMARY: The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7941
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-7942
CVE STATUS: Patched
CVE SUMMARY: The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7942
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-7943
CVE STATUS: Patched
CVE SUMMARY: The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7943
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8343
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8343
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8344
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8344
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8345
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8345
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8346
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8346
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8347
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8347
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8348
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8348
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8349
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8349
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8350
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8350
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8351
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8351
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8352
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8352
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8353
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8353
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8354
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8354
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8355
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8355
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8356
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8356
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8357
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8357
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8765
CVE STATUS: Patched
CVE SUMMARY: The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8765
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-8830
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8830
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9098
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9098
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9141
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9141
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9142
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9142
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9143
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9143
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9144
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9144
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9261
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9261
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9262
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9262
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9405
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9405
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9407
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9407
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9409
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9409
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9439
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9439
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9440
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9440
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9499
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9499
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9500
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9500
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2017-9501
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9501
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-10177
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10177
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-10804
CVE STATUS: Patched
CVE SUMMARY: ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10804
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-10805
CVE STATUS: Patched
CVE SUMMARY: ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10805
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-11251
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11251
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-11624
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11624
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-11625
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11625
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-11655
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11655
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-11656
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11656
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-12599
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12599
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-12600
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12600
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-13153
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-13153
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-14434
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14434
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-14435
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14435
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-14436
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14436
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-14437
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14437
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-14551
CVE STATUS: Patched
CVE SUMMARY: The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14551
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-15607
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15607
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16323
CVE STATUS: Patched
CVE SUMMARY: ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16323
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16328
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16328
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16329
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16329
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16412
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16412
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16413
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16413
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16640
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16640
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16641
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16641
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16642
CVE STATUS: Patched
CVE SUMMARY: The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16642
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16643
CVE STATUS: Patched
CVE SUMMARY: The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16643
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16644
CVE STATUS: Patched
CVE SUMMARY: There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16644
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16645
CVE STATUS: Patched
CVE SUMMARY: There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16645
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16749
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16749
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-16750
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16750
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-17965
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17965
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-17966
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17966
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-17967
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-17967
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-18016
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18016
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-18023
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18023
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-18024
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18024
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-18025
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18025
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-18544
CVE STATUS: Patched
CVE SUMMARY: There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18544
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-20467
CVE STATUS: Patched
CVE SUMMARY: In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20467
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-5246
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5246
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-5247
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5247
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-5248
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5248
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-5357
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5357
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-5358
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-5358
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-6405
CVE STATUS: Patched
CVE SUMMARY: In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6405
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-6876
CVE STATUS: Patched
CVE SUMMARY: The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows remote attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6876
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-6930
CVE STATUS: Patched
CVE SUMMARY: A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6930
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-7443
CVE STATUS: Patched
CVE SUMMARY: The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7443
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-7470
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7470
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-8804
CVE STATUS: Patched
CVE SUMMARY: WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8804
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-8960
CVE STATUS: Patched
CVE SUMMARY: The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8960
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-9133
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9133
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2018-9135
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9135
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-10131
CVE STATUS: Patched
CVE SUMMARY: An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 6.5
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10131
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-10649
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10649
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-10650
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10650
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-10714
CVE STATUS: Patched
CVE SUMMARY: LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10714
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-11470
CVE STATUS: Patched
CVE SUMMARY: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11470
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-11472
CVE STATUS: Patched
CVE SUMMARY: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11472
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-11597
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11597
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-11598
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11598
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-12974
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12974
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-12975
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12975
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-12976
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12976
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-12977
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the WriteJP2Image function in coders/jp2.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12977
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-12978
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the ReadPANGOImage function in coders/pango.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12978
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-12979
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12979
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13133
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13133
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13134
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13134
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13135
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13135
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13136
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13136
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13137
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13137
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13295
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13295
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13296
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13296
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13297
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13297
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13298
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13298
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13299
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/pixel-accessor.h in GetPixelChannel.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13299
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13300
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13300
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13301
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13301
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13302
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13302
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13303
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/composite.c in CompositeImage.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13303
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13304
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13304
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13305
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13305
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13306
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13306
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13307
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13307
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13308
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13308
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13309
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13309
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13310
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13310
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13311
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13311
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13391
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13391
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-13454
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13454
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-14980
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14980
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-14981
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14981
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-15139
CVE STATUS: Patched
CVE SUMMARY: The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15139
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-15140
CVE STATUS: Patched
CVE SUMMARY: coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15140
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-15141
CVE STATUS: Patched
CVE SUMMARY: WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15141
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-16708
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16708
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-16709
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16709
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-16710
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16710
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-16711
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16711
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-16712
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16712
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-16713
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16713
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-17540
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17540
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-17541
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17541
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-17547
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17547
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-18853
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18853
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-19948
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19948
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-19949
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19949
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-19952
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19952
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-7175
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7175
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-7395
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7395
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-7396
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7396
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-7397
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7397
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-7398
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7398
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2019-9956
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9956
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-10251
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders/heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10251
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-13902
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13902
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-19667
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-19667
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25663
CVE STATUS: Patched
CVE SUMMARY: A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25663
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25664
CVE STATUS: Patched
CVE SUMMARY: In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25664
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25665
CVE STATUS: Patched
CVE SUMMARY: The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause an out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25665
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25666
CVE STATUS: Patched
CVE SUMMARY: There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25666
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25667
CVE STATUS: Patched
CVE SUMMARY: TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25667
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25674
CVE STATUS: Patched
CVE SUMMARY: WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have fewer than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25674
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25675
CVE STATUS: Patched
CVE SUMMARY: In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25675
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-25676
CVE STATUS: Patched
CVE SUMMARY: In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25676
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27560
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27560
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27750
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27750
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27751
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27751
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27752
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27752
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27753
CVE STATUS: Patched
CVE SUMMARY: There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27753
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27754
CVE STATUS: Patched
CVE SUMMARY: In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27754
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27755
CVE STATUS: Patched
CVE SUMMARY: In SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27755
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27756
CVE STATUS: Patched
CVE SUMMARY: In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27756
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27757
CVE STATUS: Patched
CVE SUMMARY: A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27757
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27758
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27758
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27759
CVE STATUS: Patched
CVE SUMMARY: In IntensityCompare() of /MagickCore/quantize.c, a double value was being cast to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27759
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27760
CVE STATUS: Patched
CVE SUMMARY: In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27760
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27761
CVE STATUS: Patched
CVE SUMMARY: WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation, which could lead to undefined behavior in the form of values outside the range of representable values of type `unsigned long` when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27761
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27762
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27762
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27763
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27763
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27764
CVE STATUS: Patched
CVE SUMMARY: In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27764
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27765
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27765
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27766
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27766
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27767
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27767
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27768
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick, there is a value outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27768
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27769
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick versions before 7.0.9-0, there are values outside the range of representable values of type 'float' at MagickCore/quantize.c.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27769
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27770
CVE STATUS: Patched
CVE SUMMARY: Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27770
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27771
CVE STATUS: Patched
CVE SUMMARY: In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the representable range of the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted PDF file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27771
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27772
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27772
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27773
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27773
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27774
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27774
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27775
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27775
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27776
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27776
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-27829
CVE STATUS: Patched
CVE SUMMARY: A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27829
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2020-29599
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29599
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20176
CVE STATUS: Patched
CVE SUMMARY: A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20176
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20224
CVE STATUS: Patched
CVE SUMMARY: An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the representable range of the 'unsigned char' type. When ImageMagick processes a crafted pdf file, this could lead to undefined behaviour or a crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20224
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20241
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20241
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20243
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20243
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20244
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20244
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20245
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20245
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20246
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20246
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20309
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20309
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20310
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20310
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20311
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20311
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20312
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20312
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-20313
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak is possible when calculating signatures in TransformSignature. The highest threat from this vulnerability is to data confidentiality.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20313
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-3574
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3574
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-3596
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3596
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-3610
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3610
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-39212
CVE STATUS: Patched
CVE SUMMARY: ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: .
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 3.6
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-39212
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-3962
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3962
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-40211
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-40211
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2021-4219
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4219
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-0284
CVE STATUS: Patched
CVE SUMMARY: A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0284
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-1114
CVE STATUS: Patched
CVE SUMMARY: A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1114
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-1115
CVE STATUS: Patched
CVE SUMMARY: A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1115
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-2719
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2719
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-28463
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28463
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-3213
CVE STATUS: Patched
CVE SUMMARY: A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3213
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-32545
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32545
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-32546
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in ImageMagick, causing a value outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32546
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-32547
CVE STATUS: Patched
CVE SUMMARY: In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8-byte alignment, and for type 'float', which requires 4-byte alignment, at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32547
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-44267
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44267
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-44268
CVE STATUS: Patched
CVE SUMMARY: ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44268
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2022-48541
CVE STATUS: Patched
CVE SUMMARY: A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48541
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-1289
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1289
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-1906
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1906
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-2157
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2157
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-3195
CVE STATUS: Patched
CVE SUMMARY: A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3195
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-34151
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34151
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-34152
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34152
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-34153
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34153
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-3428
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3428
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-34474
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34474
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-34475
CVE STATUS: Patched
CVE SUMMARY: A heap use-after-free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-34475
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-3745
CVE STATUS: Patched
CVE SUMMARY: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-3745
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-39978
CVE STATUS: Patched
CVE SUMMARY: ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39978
LAYER: meta-oe
PACKAGE NAME: imagemagick-native
PACKAGE VERSION: 7.1.1-26
CVE: CVE-2023-5341
CVE STATUS: Unpatched
CVE SUMMARY: A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5341