CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-16709 – ImageMagick: memory leak in coders/dps.c
https://notcve.org/view.php?id=CVE-2019-16709
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. ImageMagick versión 7.0.8-35, presenta una pérdida de memoria en el archivo coders/dps.c, como es demostrado mediante la función XCreateImage. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/issues/1531 https://usn.ubuntu.com/4192-1 https://access.redhat.com/security/cve/CVE-2019-16709 https://bugzilla.redhat.com/show_bug.cgi?id=1801661 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-16710 – ImageMagick: memory leak in coders/dot.c
https://notcve.org/view.php?id=CVE-2019-16710
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. ImageMagick versión 7.0.8-35, presenta una pérdida de memoria en el archivo coders/dot.c, como es demostrado mediante la función AcquireMagickMemory en archivo MagickCore/memory.c. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/issues/1528 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-16710 https://bugzilla.redhat.com/show_bug.cgi?id=1801667 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-16711 – ImageMagick: memory leak in Huffman2DEncodeImage in coders/ps2.c
https://notcve.org/view.php?id=CVE-2019-16711
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. ImageMagick versión 7.0.8-40, presenta una pérdida de memoria en la función Huffman2DEncodeImage en el archivo coders/ps2.c. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/issues/1542 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-16711 https://bugzilla.redhat.com/show_bug.cgi?id=1801673 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-16713 – ImageMagick: memory leak in coders/dot.c
https://notcve.org/view.php?id=CVE-2019-16713
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. ImageMagick versión 7.0.8-43, presenta una pérdida de memoria en el archivo coders/dot.c, como es demostrado mediante la función PingImage en el archivo MagickCore/constitut.c. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/issues/1558 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-16713 https://bugzilla.redhat.com/show_bug.cgi?id=1801681 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.3EPSS: 1%CPEs: 7EXPL: 1CVE-2019-16680 – file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive
https://notcve.org/view.php?id=CVE-2019-16680
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. Se detectó un problema en GNOME file-roller versiones anteriores a 3.29.91. Permite un único salto de ruta (path) ./../ por medio de un nombre de archivo contenido en un archivo TAR, posiblemente sobrescribiendo un archivo durante la extracción. A path traversal vulnerability was discovered in the file-roller (Archive Manager for GNOME) in the way file paths with special characters are sanitized. • https://bugzilla.gnome.org/show_bug.cgi?id=794337 https://bugzilla.redhat.com/show_bug.cgi?id=1767594 https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2 https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1 https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html https://seclists.org/bugtraq/2019/Sep/57 https://usn.ubuntu.com/4139-1 https://www.debian.org/security/2019/dsa-4537 https://access.redhat.com/secur • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •