CVSS: 6.5EPSS: 74%CPEs: 7EXPL: 3CVE-2018-16323 – ImageMagick - Memory Leak
https://notcve.org/view.php?id=CVE-2018-16323
01 Sep 2018 — ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. ReadXBMImage en coders/xbm.c en ImageMagick en versiones anteriores a la 7.0.8-9 deja los datos sin inicializar al procesar un archivo XBM que tiene un valor de pixel negativo. Si el código afectado se em... • https://packetstorm.news/files/id/150402 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6405 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-6405
30 Jan 2018 — In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. En la función ReadDCMImage en coders/dcm.c en ImageMagick, en versiones anteriores a la 7.0.7-23, cada variable redmap, greenmap y bluemap puede ser sobrescrita por un nuevo puntero. El puntero anterior se pierde, lo que conduce a una ... • https://github.com/ImageMagick/ImageMagick/issues/964 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18029 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18029
12 Jan 2018 — In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.6-10 Q16 en la función ReadMATImage en coders/mat.c. Esta vulnerabilidad permite que los atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malf... • http://www.securityfocus.com/bid/102519 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-1000445 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-1000445
02 Jan 2018 — ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service ImageMagick 7.0.7-1 y anteriores es vulnerable a una desreferencia de puntero NULL en el componente MagickCore. Esto podría desembocar en una denegación de servicio (DoS). It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attac... • http://www.securityfocus.com/bid/102368 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-17499 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17499
11 Dec 2017 — ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. ImageMagick en versiones anteriores a la 6.9.9-24 y versiones 7.x anteriores a la 7.0.7-12 presenta un uso de memoria previamente liberada en Magick::Image::read en Magick++/lib/Image.cpp. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker c... • http://www.securityfocus.com/bid/102155 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2017-17504 – Debian Security Advisory 4204-1
https://notcve.org/view.php?id=CVE-2017-17504
11 Dec 2017 — ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. ImageMagick en versiones anteriores a la 7.0.7-12 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en coders/png.c Magick_png_read_raw_profile mediante un archivo manipulado, relacionado con ReadOneMNGImage. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick... • https://github.com/ImageMagick/ImageMagick/issues/872 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 51%CPEs: 2EXPL: 2CVE-2017-15277 – Debian Security Advisory 4032-1
https://notcve.org/view.php?id=CVE-2017-15277
12 Oct 2017 — ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. ReadGIFImage en coders/gif.c en ImageMagick 7.0.6-1 y GraphicsMagick 1.3.26 deja sin inicializar la paleta cuando se procesa un archivo GIF que no tiene ni una pa... • https://github.com/hexrom/ImageMagick-CVE-2017-15277 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14682 – Debian Security Advisory 4032-1
https://notcve.org/view.php?id=CVE-2017-14682
21 Sep 2017 — GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. GetNextToken en MagickCore/token.c en ImageMagick 7.0.6 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de aplicación) o, probablemente, ... • https://usn.ubuntu.com/3681-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-14533 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14533
18 Sep 2017 — ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ImageMagick 7.0.6-6 tiene una vulnerabilidad de fuga de memoria en ReadMATImage en coders/mat.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/100885 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14528 – Ubuntu Security Notice USN-4988-1
https://notcve.org/view.php?id=CVE-2017-14528
18 Sep 2017 — The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. La función TIFFSetProfiles en coders/tiff.c en ImageMagick 7.0.6 tiene unas expectativas incorrectas de si los valores de retorno de LibTIFF TIFFGetField han pasado por un... • http://bugzilla.maptools.org/show_bug.cgi?id=2730 • CWE-416: Use After Free •