Package details: pkg:rpm/redhat/ImageMagick@6.7.2.7-5?arch=el6_8
purl pkg:rpm/redhat/ImageMagick@6.7.2.7-5?arch=el6_8
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (21)
Vulnerability Summary Fixed by
VCID-2f66-aukm-nyb3
Aliases:
CVE-2016-5240
security update
There are no reported fixed by versions.
VCID-2t4v-16se-7qef
Aliases:
CVE-2015-8895
ImageMagick: Integer and buffer overflow in coders/icon.c
There are no reported fixed by versions.
VCID-32uq-r1e7-3ub4
Aliases:
CVE-2015-7501
GHSA-fjq5-5j5f-mvxh
InvokerTransformer code execution during deserialization
This package allows code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
There are no reported fixed by versions.
VCID-3bxq-vmjj-kqfe
Aliases:
CVE-2014-3577
GHSA-cfh5-3ghh-wfjx
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
There are no reported fixed by versions.
VCID-3keu-g1gc-kyhf
Aliases:
CVE-2016-0791
GHSA-jmw7-ph6p-33cc
Information Exposure
Jenkins does not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
There are no reported fixed by versions.
VCID-4tt7-hwz7-nfhf
Aliases:
CVE-2016-0792
GHSA-45rg-g72w-r393
Jenkins allows Deserialization of Untrusted Data via an XML File
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
There are no reported fixed by versions.
VCID-5tfj-bm2b-ffhm
Aliases:
CVE-2016-3727
GHSA-6cr3-cm5h-8q96
Jenkins Exposes Sensitive Information via API URL
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
There are no reported fixed by versions.
VCID-7fmu-6e6q-r7hd
Aliases:
CVE-2016-5118
security update
There are no reported fixed by versions.
VCID-7wrg-6pw1-nucx
Aliases:
CVE-2016-5239
security update
There are no reported fixed by versions.
VCID-891k-xz71-guc5
Aliases:
CVE-2016-0788
GHSA-j7q5-h445-f7pc
Jenkins allows Execution of Code by Opening a JRMP Listener
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
There are no reported fixed by versions.
VCID-8y2p-df9x-a7cp
Aliases:
CVE-2016-3722
GHSA-3857-xm38-jmq2
Permissions, Privileges, and Access Controls
Jenkins allows remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name".
There are no reported fixed by versions.
VCID-a1z8-rynx-p7a8
Aliases:
CVE-2015-8897
ImageMagick: Crash due to out of bounds error in SpliceImage
There are no reported fixed by versions.
VCID-b69p-t71y-hbhd
Aliases:
CVE-2016-3726
GHSA-rx4r-gxpc-h85x
Jenkins affected by Open Redirect Vulnerability
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
There are no reported fixed by versions.
VCID-hz8y-hdp6-t3bx
Aliases:
CVE-2015-8896
ImageMagick: Integer truncation vulnerability in coders/pict.c
There are no reported fixed by versions.
VCID-jaty-3r2s-pqc2
Aliases:
CVE-2016-3721
GHSA-qf2h-h3xq-j93j
Jenkins allows Remote Users to Inject Build Parameters
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
There are no reported fixed by versions.
VCID-kt3k-9uyt-13d1
Aliases:
CVE-2016-3724
GHSA-7vvj-qqvj-h8mc
Jenkins Exposes Sensitive Information from Job Configuration
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
There are no reported fixed by versions.
VCID-p7v4-63fw-kqaj
Aliases:
CVE-2016-0790
GHSA-jgpr-qrw2-6gp3
Information Exposure
Jenkins does not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
There are no reported fixed by versions.
VCID-puux-2z74-3yea
Aliases:
CVE-2016-3723
GHSA-8572-5jrg-mx52
Information Exposure
Jenkins allows remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
There are no reported fixed by versions.
VCID-qc16-r3cs-cbdr
Aliases:
CVE-2015-8898
ImageMagick: Prevent NULL pointer access in magick/constitute.c
There are no reported fixed by versions.
VCID-y5vs-8bqz-sqf5
Aliases:
CVE-2016-0789
GHSA-8p3c-m625-wh83
Jenkins has CRLF Injection Vulnerability in the CLI
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
There are no reported fixed by versions.
VCID-yvec-gpmh-73hq
Aliases:
CVE-2016-3725
GHSA-59fm-6x3q-q3q5
Permissions, Privileges, and Access Controls
Jenkins allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permission check.
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:46:24.951944+00:00 RedHat Importer Affected by VCID-3bxq-vmjj-kqfe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3577.json 38.0.0
2026-04-01T14:41:30.042032+00:00 RedHat Importer Affected by VCID-hz8y-hdp6-t3bx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8896.json 38.0.0
2026-04-01T14:40:54.052503+00:00 RedHat Importer Affected by VCID-2t4v-16se-7qef https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8895.json 38.0.0
2026-04-01T14:39:16.157309+00:00 RedHat Importer Affected by VCID-32uq-r1e7-3ub4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7501.json 38.0.0
2026-04-01T14:38:09.136760+00:00 RedHat Importer Affected by VCID-a1z8-rynx-p7a8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8897.json 38.0.0
2026-04-01T14:38:09.098168+00:00 RedHat Importer Affected by VCID-qc16-r3cs-cbdr https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8898.json 38.0.0
2026-04-01T14:37:45.839985+00:00 RedHat Importer Affected by VCID-4tt7-hwz7-nfhf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0792.json 38.0.0
2026-04-01T14:37:45.416339+00:00 RedHat Importer Affected by VCID-3keu-g1gc-kyhf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0791.json 38.0.0
2026-04-01T14:37:44.989061+00:00 RedHat Importer Affected by VCID-p7v4-63fw-kqaj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0790.json 38.0.0
2026-04-01T14:37:44.583267+00:00 RedHat Importer Affected by VCID-y5vs-8bqz-sqf5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0789.json 38.0.0
2026-04-01T14:37:44.159824+00:00 RedHat Importer Affected by VCID-891k-xz71-guc5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0788.json 38.0.0
2026-04-01T14:36:44.601122+00:00 RedHat Importer Affected by VCID-2f66-aukm-nyb3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5240.json 38.0.0
2026-04-01T14:36:39.589592+00:00 RedHat Importer Affected by VCID-7wrg-6pw1-nucx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5239.json 38.0.0
2026-04-01T14:36:36.269470+00:00 RedHat Importer Affected by VCID-5tfj-bm2b-ffhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3727.json 38.0.0
2026-04-01T14:36:35.888090+00:00 RedHat Importer Affected by VCID-b69p-t71y-hbhd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3726.json 38.0.0
2026-04-01T14:36:35.466169+00:00 RedHat Importer Affected by VCID-yvec-gpmh-73hq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3725.json 38.0.0
2026-04-01T14:36:35.051686+00:00 RedHat Importer Affected by VCID-kt3k-9uyt-13d1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3724.json 38.0.0
2026-04-01T14:36:34.649627+00:00 RedHat Importer Affected by VCID-puux-2z74-3yea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3723.json 38.0.0
2026-04-01T14:36:34.250510+00:00 RedHat Importer Affected by VCID-8y2p-df9x-a7cp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3722.json 38.0.0
2026-04-01T14:36:33.829298+00:00 RedHat Importer Affected by VCID-jaty-3r2s-pqc2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3721.json 38.0.0
2026-04-01T14:36:28.623628+00:00 RedHat Importer Affected by VCID-7fmu-6e6q-r7hd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5118.json 38.0.0