CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16640 – ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c
https://notcve.org/view.php?id=CVE-2018-16640
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. ImageMagick 7.0.8-5 tiene una vulnerabilidad de fuga de memoria en la función ReadOneJNGImage en coders/png.c. • https://github.com/ImageMagick/ImageMagick/commit/76efa969342568841ecf320b5a041685a6d24e0b https://github.com/ImageMagick/ImageMagick/issues/1201 https://usn.ubuntu.com/3785-1 https://access.redhat.com/security/cve/CVE-2018-16640 https://bugzilla.redhat.com/show_bug.cgi?id=1626570 • CWE-125: Out-of-bounds Read CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-16644 – ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c
https://notcve.org/view.php?id=CVE-2018-16644
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. Hay una falta de comprobaciones de longitud en las funciones ReadDCMImage de coders/dcm.c y ReadPICTImage de coders/pict.c en ImageMagick 7.0.8-11, lo que permite que los atacantes remotos provoquen una denegación de servicio (DoS) mediante una imagen manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7 https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135 https://github.com/ImageMagick/ImageMagick/issues/1269 https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html https://usn.ubuntu.com/3785-1 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2018/dsa-4316 https://access.redhat.com/securi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 6EXPL: 0CVE-2018-16642 – ImageMagick: out-of-bounds write in InsertRow function in coders/cut.c
https://notcve.org/view.php?id=CVE-2018-16642
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. La función InsertRow en coders/cut.c en ImageMagick 7.0.7-37 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante un archivo de imagen manipulado debido a una escritura fuera de límites. • https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e https://github.com/ImageMagick/ImageMagick/issues/1162 https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html https://usn.ubuntu.com/3785-1 https://www.debian.org/security/2018/dsa-4316 https://access.redhat.com/security/cve/CVE-2018-16642 https://bugzilla.redhat.com/show_bug.cgi?id=1626591 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-16585
https://notcve.org/view.php?id=CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193) ** EN DISPUTA ** Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=1497d65039885a52b598b137dd8622bd4672f9be http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=971472c83a345a16dac9f90f91258bb22dd77f22 https://bugzilla.redhat.com/show_bug.cgi?id=1626193 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://seclists.org/oss-sec/2018/q3/182 https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.debian.org/security/2018/dsa-4288 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 11EXPL: 0CVE-2018-14618 – curl: NTLM password overflow via integer overflow
https://notcve.org/view.php?id=CVE-2018-14618
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. • http://www.securitytracker.com/id/1041605 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:1880 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-14618.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014 https://security.gentoo.org/glsa/201903-03 https://usn.ubuntu.com/3765-1 https://usn.ubuntu.com/ • CWE-122: Heap-based Buffer Overflow CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •