Page 117 of 647 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. • http://www.openwall.com/lists/oss-security/2016/06/23/1 http://www.openwall.com/lists/oss-security/2016/06/25/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91394 https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1 https://security.gentoo.org/glsa/201611-21 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. El DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado al aprovechar la falta de validación de (1) pixel.red, (2) pixel.green y (3) pixel.blue. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91018 https://access.redhat.com/errata/RHSA-2016:1237 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://access.redhat.com/security/cve/CVE-2016-5239 https://bugzilla.redhat.com/show_bug.cgi?id=1334188 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 2%CPEs: 25EXPL: 0

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. • http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91027 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14 •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. La función WriteImages en magick/constitu.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo de imagen manipulado. • http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91039 https://access.redhat.com/errata/RHSA-2016:1237 https://github.com/ImageMagick/ImageMagick/commit/5b4bebaa91849c592a8448bc353ab25a54ff8c44 https://github.com/ImageMagick/ImageMagick/pull/34 https://access.redhat.com/security/cve/CVE-2015-8898 https://bugzilla.redhat.com/show_bug.cgi?id=1344264 • CWE-476: NULL Pointer Dereference •