CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5246 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5246
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadPATTERNImage en coders/pattern.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102469 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.6EPSS: 90%CPEs: 1090EXPL: 8CVE-2017-5715 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5715
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción indirecta de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocess... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2017-1000476 – ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c
https://notcve.org/view.php?id=CVE-2017-1000476
03 Jan 2018 — ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. Se ha encontrado una vulnerabilidad de agotamiento de CPU en ImageMagick 7.0.7-12 Q16 en la función ReadPDBImage en coders/dds.c. Esta vulnerabilidad permite que los atacantes causen una denegación de servicio. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick we... • http://www.securityfocus.com/bid/102428 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-1000422 – Debian Security Advisory 4088-1
https://notcve.org/view.php?id=CVE-2017-1000422
02 Jan 2018 — Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution Gnome gdk-pixbuf 2.36.8 y anteriores es vulnerable a varios desbordamientos de enteros en la función gif_get_lzw. Esto resulta en la corrupción de memoria y la potencial ejecución de código. It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubun... • https://bugzilla.gnome.org/show_bug.cgi?id=785973 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-1000445 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-1000445
02 Jan 2018 — ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service ImageMagick 7.0.7-1 y anteriores es vulnerable a una desreferencia de puntero NULL en el componente MagickCore. Esto podría desembocar en una denegación de servicio (DoS). It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attac... • http://www.securityfocus.com/bid/102368 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18008 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18008
01 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadPWPImage en coders/pwp.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102346 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.3EPSS: 1%CPEs: 16EXPL: 1CVE-2017-7829 – Mozilla: From address with encoded null character is cut off in message header display
https://notcve.org/view.php?id=CVE-2017-7829
29 Dec 2017 — It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. Es posible suplantar la dirección de correo del remitente y mostrar una dirección de envío arbitraria al correo receptor. La dirección de envío real no se muestra si viene precedida de un carácter nulo en la cadena de muestra. • http://www.securityfocus.com/bid/102258 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17934 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17934
27 Dec 2017 — ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. ImageMagick 7.0.7-17 Q16 x86_64 tiene filtrados de memoria en coders/msl.c. Esto está relacionado con MSLPopImage y ProcessMSLScript, y se asocia a una mala gestión de llamadas MSLPushImage. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into ope... • http://www.securityfocus.com/bid/102314 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-17914 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17914
26 Dec 2017 — In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. Se ha encontrado una vulnerabilidad en ImageMagick 7.0.7-16 Q16 en la función ReadOnePNGImage en coders/png.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (bucle ReadOneMNGImage de gran tamaño) mediante un archivo de imagen mng manipulado. It was discovered ... • https://github.com/ImageMagick/ImageMagick/issues/908 • CWE-834: Excessive Iteration •