CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-7397 – ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
https://notcve.org/view.php?id=CVE-2019-7397
05 Feb 2019 — In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, y GraphicsMagick, hasta la versión 1.3.31, existen varias vulnerabilidades de fuga de memoria en WritePDFImage en coders/pdf.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker c... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7396 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-7396
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en ReadSIXELImage en coders/sixel.c. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7395 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-7395
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WritePSDChannel en coders/psd.c. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2018-20467 – ImageMagick: infinite loop in coders/bmp.c
https://notcve.org/view.php?id=CVE-2018-20467
26 Dec 2018 — In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. En coders/bmp.c en ImageMagick en versiones anteriores a la 7.0.8-16, un archivo de entradas puede resultar en un bucle infinito y un bloqueo, con un gran consumo de CPU y memoria. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-16750 – ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2018-16750
09 Sep 2018 — In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. En ImageMagick 7.0.7-29 y anteriores, se ha encontrado una fuga de memoria en la función formatIPTCfromBuffer en coders/meta.c. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if nece... • http://www.securityfocus.com/bid/108492 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-16749 – ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2018-16749
09 Sep 2018 — In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. En ImageMagick 7.0.7-29 y anteriores, la falta de una comprobación NULL en ReadOneJNGImage en coders/png.c permite que un atacante provoque una denegación de servicio (fallo de aserción en WriteBlob y salida de la aplicación) mediante un archivo manipulado. Due to a large number of issues discovered... • https://github.com/ImageMagick/ImageMagick/issues/1119 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16329
https://notcve.org/view.php?id=CVE-2018-16329
01 Sep 2018 — In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. En ImageMagick en versiones anteriores a la 7.0.8-8, existe una desreferencia de puntero NULL en la función GetMagickProperty en MagickCore/property.c. • https://github.com/ImageMagick/ImageMagick/issues/1225 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16328 – ImageMagick: NULL pointer dereference in CheckEventLogging function in MagickCore/log.c
https://notcve.org/view.php?id=CVE-2018-16328
01 Sep 2018 — In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. En ImageMagick en versiones anteriores a la 7.0.8-8, existe una desreferencia de puntero NULL en la función CheckEventLogging en MagickCore/log.c. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include buffer overflow, denial of service, double free, information leakage, null pointer, out of bou... • https://github.com/ImageMagick/ImageMagick/issues/1224 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 17%CPEs: 7EXPL: 3CVE-2018-16323 – ImageMagick - Memory Leak
https://notcve.org/view.php?id=CVE-2018-16323
01 Sep 2018 — ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. ReadXBMImage en coders/xbm.c en ImageMagick en versiones anteriores a la 7.0.8-9 deja los datos sin inicializar al procesar un archivo XBM que tiene un valor de pixel negativo. Si el código afectado se em... • https://packetstorm.news/files/id/150402 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6405 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-6405
30 Jan 2018 — In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. En la función ReadDCMImage en coders/dcm.c en ImageMagick, en versiones anteriores a la 7.0.7-23, cada variable redmap, greenmap y bluemap puede ser sobrescrita por un nuevo puntero. El puntero anterior se pierde, lo que conduce a una ... • https://github.com/ImageMagick/ImageMagick/issues/964 • CWE-772: Missing Release of Resource after Effective Lifetime •