RHSA-2020:1180MediumCVSS 8.8

Red Hat Security Advisory: ImageMagick security, bug fix, and enhancement update

Published
March 31, 2020
Last Modified
June 27, 2026

🔗 CVE IDs covered (82)

📋 Description

CVE-2017-11166 — ImageMagick: memory leak vulnerability in ReadXWDImage function in coders/xwd.c CVE-2017-12805 — ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service CVE-2017-12806 — ImageMagick: memory exhaustion in function format8BIM causing denial of service CVE-2017-18251 — ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c CVE-2017-18252 — ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c CVE-2017-18254 — ImageMagick: memory leak in WriteGIFImage function in coders/gif.c CVE-2017-18271 — ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c CVE-2017-18273 — ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c CVE-2017-1000476 — ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c CVE-2018-8804 — ImageMagick: double free in WriteEPTImage function in coders/ept.c CVE-2018-9133 — ImageMagick: excessive iteration in the DecodeLabImage and EncodeLabImage functions in coders/tiff.c CVE-2018-10177 — ImageMagick: Infinite loop in coders/png.c:ReadOneMNGImage() allows attackers to cause a denial of service via crafted MNG file CVE-2018-10804 — ImageMagick: Memory leak in WriteTIFFImage CVE-2018-10805 — ImageMagick: Memory leak in ReadYCBCRImage CVE-2018-11656 — ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c CVE-2018-12599 — ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c CVE-2018-12600 — ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c CVE-2018-13153 — ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c CVE-2018-14434 — ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c CVE-2018-14435 — ImageMagick: memory leak in DecodeImage in coders/pcd.c CVE-2018-14436 — ImageMagick: memory leak in ReadMIFFImage in coders/miff.c CVE-2018-14437 — ImageMagick: memory leak in parse8BIM in coders/meta.c CVE-2018-15607 — ImageMagick: CPU Exhaustion via crafted input file CVE-2018-16328 — ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c CVE-2018-16640 — ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c CVE-2018-16642 — ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c CVE-2018-16643 — ImageMagick: missing check for fputc function in multiple files CVE-2018-16644 — ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c CVE-2018-16645 — ImageMagick: Out-of-memory ReadBMPImage of coders/bmp.c and ReadDIBImage of codes/dib.c CVE-2018-16749 — ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c CVE-2018-16750 — ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c CVE-2018-17966 — ImageMagick: memory leak in WritePDBImage in coders/pdb.c CVE-2018-17967 — ImageMagick: memory leak in ReadBGRImage in coders/bgr.c. CVE-2018-18016 — ImageMagick: memory leak in WritePCXImage in coders/pcx.c CVE-2018-18024 — ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c CVE-2018-18544 — ImageMagick: memory leak in WriteMSLImage of coders/msl.c CVE-2018-20467 — ImageMagick: infinite loop in coders/bmp.c CVE-2019-7175 — imagemagick: memory leak in function DecodeImage in coders/pcd.c CVE-2019-7397 — ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c CVE-2019-7398 — ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c CVE-2019-9956 — imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c CVE-2019-10131 — ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c CVE-2019-10650 — ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file CVE-2019-11470 — ImageMagick: denial of service in cineon parsing component CVE-2019-11472 — ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component CVE-2019-11597 — ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure CVE-2019-11598 — ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure CVE-2019-12974 — imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service CVE-2019-12975 — imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c CVE-2019-12976 — imagemagick: memory leak vulnerability in function ReadPCLImage in coders/pcl.c CVE-2019-12978 — imagemagick: use of uninitialized value in function ReadPANGOImage in coders/pango.c CVE-2019-12979 — imagemagick: use of uninitialized value in functionSyncImageSettings in MagickCore/image.c CVE-2019-13133 — ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c CVE-2019-13134 — ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c CVE-2019-13135 — ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS CVE-2019-13295 — ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled CVE-2019-13297 — ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled CVE-2019-13300 — ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns CVE-2019-13301 — ImageMagick: memory leaks in AcquireMagickMemory CVE-2019-13304 — ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment CVE-2019-13305 — ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error CVE-2019-13306 — ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors CVE-2019-13307 — ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows CVE-2019-13309 — ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages CVE-2019-13310 — ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c CVE-2019-13311 — ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error CVE-2019-13454 — ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c CVE-2019-14980 — ImageMagick: use-after-free in magick/blob.c resulting in a denial of service CVE-2019-14981 — ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c CVE-2019-15139 — ImageMagick: out-of-bounds read in ReadXWDImage in coders/xwd.c CVE-2019-15140 — ImageMagick: Use after free in ReadMATImage in coders/mat.c CVE-2019-15141 — ImageMagick: heap-based buffer overflow in WriteTIFFImage in coders/tiff.c CVE-2019-16708 — ImageMagick: memory leak in magick/xwindow.c CVE-2019-16709 — ImageMagick: memory leak in coders/dps.c CVE-2019-16710 — ImageMagick: memory leak in coders/dot.c CVE-2019-16711 — ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c CVE-2019-16712 — ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps3.c CVE-2019-16713 — ImageMagick: memory leak in coders/dot.c CVE-2019-17540 — ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c CVE-2019-17541 — ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c CVE-2019-19948 — ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c CVE-2019-19949 — ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c

🔗 References (82)