
CVE-2018-16643 – ImageMagick: missing check for fputc function in multiple files
https://notcve.org/view.php?id=CVE-2018-16643
06 Sep 2018 — The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. • https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c • CWE-20: Improper Input Validation CWE-252: Unchecked Return Value •

CVE-2018-16644 – ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c
https://notcve.org/view.php?id=CVE-2018-16644
06 Sep 2018 — There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. Due to a large number of i... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2018-16645 – ImageMagick: Out-of-memory ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c
https://notcve.org/view.php?id=CVE-2018-16645
06 Sep 2018 — There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. It was disco... • https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2018-16412
https://notcve.org/view.php?id=CVE-2018-16412
03 Sep 2018 — ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-125: Out-of-bounds Read •

CVE-2018-16413 – Ubuntu Security Notice USN-6980-1
https://notcve.org/view.php?id=CVE-2018-16413
03 Sep 2018 — ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user o... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-125: Out-of-bounds Read •

CVE-2018-15607 – ImageMagick: CPU Exhaustion via crafted input file
https://notcve.org/view.php?id=CVE-2018-15607
21 Aug 2018 — In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. • http://www.securityfocus.com/bid/105137 • CWE-400: Uncontrolled Resource Consumption •

CVE-2018-14551 – Ubuntu Security Notice USN-3785-1
https://notcve.org/view.php?id=CVE-2018-14551
23 Jul 2018 — The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This p... • https://github.com/ImageMagick/ImageMagick/issues/1221 • CWE-787: Out-of-bounds Write CWE-908: Use of Uninitialized Resource •

CVE-2018-14434 – ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c
https://notcve.org/view.php?id=CVE-2018-14434
20 Jul 2018 — ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configurat... • https://github.com/ImageMagick/ImageMagick/issues/1192 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-14435 – ImageMagick: memory leak in DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2018-14435
20 Jul 2018 — ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include buffer overflow, denial of service, double free, information leakage, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://github.com/ImageMagick/ImageMagick/issues/1193 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVE-2018-14436 – ImageMagick: memory leak in ReadMIFFImage in coders/miff.c
https://notcve.org/view.php?id=CVE-2018-14436
20 Jul 2018 — ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include buffer overflow, denial of service, double free, information leakage, null pointer, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://github.com/ImageMagick/ImageMagick/issues/1191 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •