CVSS: 10.0EPSS: 56%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
30 May 2016 — The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processe... • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 44EXPL: 2CVE-2013-4589 – Gentoo Linux Security Advisory 201311-10
https://notcve.org/view.php?id=CVE-2013-4589
19 Nov 2013 — The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. La función ExportAlphaQuantumType en export.c de GraphicsMagick anterior a la versión 1.3.18 podría permitir a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con la exportación de alpha de una imagen RGBA de 8-bit. Multiple vulnerabilities have been ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2012-3438
https://notcve.org/view.php?id=CVE-2012-3438
07 Aug 2012 — The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. La función Magick_png_malloc en coders/png.c en GraphicsMagick v6.7.8-6 no utiliza adecuadamente el tipo de variable para el tamaño de en memoria, lo cual podría permitir a atacantes remotos causar una denegación de servicio (caída) a tra... • http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2008-6621
https://notcve.org/view.php?id=CVE-2008-6621
06 Apr 2009 — Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en la herramienta de procesamiento de imágenes GraphicsMagick v1.2.3 que permite a usuarios remotos causar una denegación de servicio (caída de la aplicación) a través de vectores de ataque no especificados en las imagenes DPX. NOTA: algunos de estos de... • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/dpx.c •
CVSS: 9.3EPSS: 3%CPEs: 24EXPL: 0CVE-2008-6070
https://notcve.org/view.php?id=CVE-2008-6070
06 Feb 2009 — Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos inferiores de búfer basados en montículo en la función ReadPALMImage en coders/palm.c de GraphicsMagick before v1.2.3, permite a ata... • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 20EXPL: 0CVE-2008-6071
https://notcve.org/view.php?id=CVE-2008-6071
06 Feb 2009 — Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en la función DecodeImage de coders/pict.c de GraphicsMagick anterior a v1.1.14 y v1.2.x anterior a v1.2.3; permite a atacantes remotos provocar u... • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2008-6072
https://notcve.org/view.php?id=CVE-2008-6072
06 Feb 2009 — Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images. Múltiples vulnerabilidades no especificadas en GraphicsMagick anterior a v1.1.14, y v1.2.x anterior a 1v.2.3, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores no especificados en (1) XCF y (2) imágenes CINEON. • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c •
CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 0CVE-2008-3134
https://notcve.org/view.php?id=CVE-2008-3134
10 Jul 2008 — Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. Múltiples vulnerabilidades sin especificar en GraphicsMAgick anter... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 9%CPEs: 10EXPL: 1CVE-2008-1096 – Out of bound write in ImageMagick's XCF coder
https://notcve.org/view.php?id=CVE-2008-1096
05 Mar 2008 — The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. La función load_tile en el codificador XCF de coders/xcf.c en (1) ImageMagick 6.2.8-0 y (2) GraphicsMagick (también conocido como gm) 1.1.7 permite a atacantes r... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 7%CPEs: 10EXPL: 1CVE-2008-1097 – Memory corruption in ImageMagick's PCX coder
https://notcve.org/view.php?id=CVE-2008-1097
05 Mar 2008 — Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. Desbordamiento de búfer basado en montículo en la función ReadPCXImage del codificador PCX de coders/pcx.c en (1) Im... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034 • CWE-399: Resource Management Errors •