Page 14 of 580 results (0.010 seconds)

CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 1

CVE-2019-11008

https://notcve.org/view.php?id=CVE-2019-11008

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WriteXWDImage de coders/xwd.c, que permite a los atacantes remotos causar una denegación de servicio (cierre inesperado de la aplicación) o posiblemente tener otro impacto no especificado a través de un archivo de imagen diseñado. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00021.html • CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0

CVE-2019-11007

https://notcve.org/view.php?id=CVE-2019-11007

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay una sobre-lectura de búfer basada en pilas en la función ReadMNGImage de coders/png.c, que permite a los atacantes causar una denegación de servicio o revelación de información a través de un mapa de color de imagen. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98 http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html https://sourc • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

CVE-2019-11006

https://notcve.org/view.php?id=CVE-2019-11006

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet. En GraphicsMagick 1.4 snapshot-20190322 Q8, hay una sobre lectura de búfer basada en memoria dinámica (heap) en la función ReadMIFFImage de coders/miff.c, que permite a los atacantes causar una denegación de servicio o divulgación de información a través de un paquete RLE. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html https://sourceforge.net/p/graphicsmagick/bugs/598 https://usn.ubuntu.com/4207-1 https://www.debian.org/security/2020/dsa-4640 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 1

CVE-2019-11005

https://notcve.org/view.php?id=CVE-2019-11005

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en GraphicsMagick 1.4 snapshot-20190322 Q8 en la función SVGStartElement en coders/svg.c. Esta vulnerabilidad permitiría a un atacante remoto generar una condición de denegación de servicio (cierre de aplicación) o la posibilidad de tener un impacto no específico mediante el entrecomillado de valores de familias de fuentes. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html https://sourceforge.net/p/graphicsmagick/bugs/600 https://usn.ubuntu.com/4207-1 https://www.debian.org/security/2020/dsa-4640 • CWE-787: Out-of-bounds Write •

CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2019-10906 – python-jinja2: str.format_map allows sandbox escape

https://notcve.org/view.php?id=CVE-2019-10906

In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. En Pallets Jinja, en versiones anteriores a la 2.10.1, str.format_map permite un escape de sandbox. A flaw was found in Jinja. Python string formatting could allow an attacker to escape the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity and system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00064.html https://access.redhat.com/errata/RHSA-2019:1152 https://access.redhat.com/errata/RHSA-2019:1237 https://access.redhat.com/errata/RHSA-2019:1329 https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f%40%3Cdevnull.infra.apache.org%3E https://lists.apache.org/thread.html/2b52b9c8b9d6366a4f1b407a8bde6af28d9fc73fdb3b37695fd0d9ac%40%3Cdevnull.infra.apac • CWE-138: Improper Neutralization of Special Elements •