Page 148 of 1907 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns. ImageMagick versión 7.0.8-50 Q16 tiene un desbordamiento de búfer basado en memoria dinámica (heap) en MagickCore/statistic.c en EvaluateImages debido a la gestión incorrecta de las columnas. A heap-based buffer overflow was discovered in ImageMagick in the way it applies a value with arithmetic, relational, or logical operators to an image due to mishandling columns. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/a906fe9298bf89e01d5272023db687935068849a https://github.com/ImageMagick/ImageMagick/issues/1586 https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://www.debian.org/security/2020/dsa-4715 https://access.redhat.com/security/cve/CVE-2019-13300 https://bugzilla.redhat.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled. ImageMagick versión 7.0.8-50 Q16, presenta una lectura excesiva del búfer en la región heap de la memoria en el archivo MagickCore/threshold.c en la función AdaptiveThresholdImage porque una altura de cero se maneja inapropiadamente. A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a height of zero mishandle error. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc https://github.com/ImageMagick/ImageMagick/issues/1609 https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773 https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. ImageMagick versión 7.0.8-50 Q16, presenta una lectura excesiva del búfer en la región heap de la memoria en el archivo MagickCore/threshold.c en la función AdaptiveThresholdImage porque un ancho de cero se maneja inapropiadamente. A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a width of zero mishandle error. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/a7759f410b773a1dd57b0e1fb28112e1cd8b97bc https://github.com/ImageMagick/ImageMagick/issues/1608 https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953 https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2

FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. FlightCrew versión 0.9.2 y anteriores son vulnerables a un ataque de salto de directorio, lo que permite que los atacantes escriban archivos arbitrarios mediante un ../ (punto punto barra) en una entrada de archivo Zip que se gestiona de manera incorrecta durante la extracción. • https://github.com/Sigil-Ebook/flightcrew/issues/52 https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3 https://usn.ubuntu.com/4055-1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en memoria dinámica (heap) cuando se carga un archivo PCX en SDL2_image, versión 2.0.4. La falta de un manejador de errores puede provocar un desbordamiento del búfer y una posible ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820 https://usn.ubuntu.com/4238-1 • CWE-390: Detection of Error Condition Without Action CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •