CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-12975 – imagemagick: memory leak vulnerability in function WriteDPXImage in coders/dpx.c
https://notcve.org/view.php?id=CVE-2019-12975
26 Jun 2019 — ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. ImageMagick versión 7.0.8-34 tiene una vulnerabilidad de pérdida de memoria en la función WriteDPXImage en coders/dpx.c. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the WriteDPXImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them cras... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12974 – imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service
https://notcve.org/view.php?id=CVE-2019-12974
26 Jun 2019 — A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Una desreferencia de puntero NULL en la función ReadPANGOImage en coders/pango.c y la función ReadVIDImage en coders/vid.c en ImageMagick versión 7.0.8-34 permite a los atacantes remotos provocar una denegación de servicio a través de una imagen diseñada. It was discovered that ImageMagick i... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11598 – ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11598
29 Apr 2019 — In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. En ImageMagick versión 7.0.8-40 Q16, Hay una lectura excesiva de búfer en la región heap de la memoria en la función WritePNMImage del archivo coders/pnm.c, que permite que un atacante genere una Denegación de Servicio ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11597 – ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11597
29 Apr 2019 — In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. ImageMagick en la versión 7.0.8-43 Q16, tiene una sobre-lectura de búfer basada en pilas en la función WriteTIFFImage de coders/tiff.c, que permite a un atacante causar una denegación de servicio o posiblemente la divulgación de información a través de un archivo de imagen diseña... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11472 – ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component
https://notcve.org/view.php?id=CVE-2019-11472
23 Apr 2019 — ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. ReadXWDImage en coders/xwd.c en el componente de análisis de imágenes XWD de ImageMagick 7.0.8-41 Q16 permite a los atacantes causar una denegación de servicio (error de división por cero) al crear un archivo de imagen XWD en el que el encabezado indica ni L... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html • CWE-248: Uncaught Exception CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11470 – ImageMagick: denial of service in cineon parsing component
https://notcve.org/view.php?id=CVE-2019-11470
23 Apr 2019 — The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. El componente de análisis de cineon en ImageMagick 7.0.8-26 Q16, permite a los atacantes provocar una denegación de servicio (consumo incontrolado de recursos) creando una imagen Cineon con un tamaño de ima... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
02 Apr 2019 — LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10650 – ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
https://notcve.org/view.php?id=CVE-2019-10650
30 Mar 2019 — In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función WriteTIFFImage de coders/tiff.c que permite al atacante provocar una denegación de servicio (DoS) o divulgación de información mediante un archivo de imagen manipulado... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10649 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-10649
30 Mar 2019 — In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una vulnerabilidad de filtrado de memoria en la función SVGKeyValuePairs de coders/svg.c que permite al atacante provocar una denegación de servicio (DoS) mediante un archivo de imagen manipulado. Handling problems and cases of missing or incomplete input sanitising may result in d... • http://www.securityfocus.com/bid/107645 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2019-9956 – imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-9956
23 Mar 2019 — In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Se ha encontrado una vulnerabilidad de desbordamiento de búfer basado en pila en ImageMagick 7.0.8-35 Q16 en la función PopHexPixel en coders/ps.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen manipulado. ImageMagick is an image displ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •