CVE-2017-13737
https://notcve.org/view.php?id=CVE-2017-13737
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. Existe una liberación no válida en la función MagickFree en magick/memory.c en GraphicsMagick 1.3.26 que podría acabar en un ataque de denegación de servicio remoto. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a http://openwall.com/lists/oss-security/2017/08/29/4 http://www.securityfocus.com/bid/100518 https://bugs.debian.org/878511 https://bugzilla.redhat.com/show_bug.cgi?id=1484196 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-416: Use After Free •
CVE-2017-13736
https://notcve.org/view.php?id=CVE-2017-13736
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. Existen muchas fugas de memoria en la función GMCommand en magick/command.c en GraphicsMagick 1.3.26 que podría acabar en un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100513 https://bugzilla.redhat.com/show_bug.cgi?id=1484192 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-13648
https://notcve.org/view.php?id=CVE-2017-13648
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. En GraphicsMagick 1.3.26 se ha encontrado una vulnerabilidad de fuga de memoria en la función ReadMATImage en coders/mat.c. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/433 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-13147
https://notcve.org/view.php?id=CVE-2017-13147
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. En GraphicsMagick 1.3.26 fue hallado un fallo de asignación en la función ReadMNGImage en coders/png.c cuando un archivo MNG pequeño tiene un fragmento MEND con un valor de longitud grande. • https://sourceforge.net/p/graphicsmagick/bugs/446 https://usn.ubuntu.com/4206-1 • CWE-20: Improper Input Validation •
CVE-2017-13065
https://notcve.org/view.php?id=CVE-2017-13065
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. GraphicsMagick 1.3.26 tiene una vulnerabilidad de desreferencia de puntero NULL en la función SVGStartElement en coders/svg.c. • http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/435 https://usn.ubuntu.com/4222-1 https://www.debian.org/security/2018/dsa-4321 • CWE-476: NULL Pointer Dereference •