CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 1CVE-2019-11598 – ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11598
29 Apr 2019 — In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. En ImageMagick versión 7.0.8-40 Q16, Hay una lectura excesiva de búfer en la región heap de la memoria en la función WritePNMImage del archivo coders/pnm.c, que permite que un atacante genere una Denegación de Servicio ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 1CVE-2019-11597 – ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11597
29 Apr 2019 — In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. ImageMagick en la versión 7.0.8-43 Q16, tiene una sobre-lectura de búfer basada en pilas en la función WriteTIFFImage de coders/tiff.c, que permite a un atacante causar una denegación de servicio o posiblemente la divulgación de información a través de un archivo de imagen diseña... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 1CVE-2019-11472 – ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component
https://notcve.org/view.php?id=CVE-2019-11472
23 Apr 2019 — ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. ReadXWDImage en coders/xwd.c en el componente de análisis de imágenes XWD de ImageMagick 7.0.8-41 Q16 permite a los atacantes causar una denegación de servicio (error de división por cero) al crear un archivo de imagen XWD en el que el encabezado indica ni L... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html • CWE-248: Uncaught Exception CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 4%CPEs: 1EXPL: 1CVE-2019-11470 – ImageMagick: denial of service in cineon parsing component
https://notcve.org/view.php?id=CVE-2019-11470
23 Apr 2019 — The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. El componente de análisis de cineon en ImageMagick 7.0.8-26 Q16, permite a los atacantes provocar una denegación de servicio (consumo incontrolado de recursos) creando una imagen Cineon con un tamaño de ima... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
02 Apr 2019 — LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10650 – ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
https://notcve.org/view.php?id=CVE-2019-10650
30 Mar 2019 — In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función WriteTIFFImage de coders/tiff.c que permite al atacante provocar una denegación de servicio (DoS) o divulgación de información mediante un archivo de imagen manipulado... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10649 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-10649
30 Mar 2019 — In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una vulnerabilidad de filtrado de memoria en la función SVGKeyValuePairs de coders/svg.c que permite al atacante provocar una denegación de servicio (DoS) mediante un archivo de imagen manipulado. Handling problems and cases of missing or incomplete input sanitising may result in d... • http://www.securityfocus.com/bid/107645 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2019-9956 – imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-9956
23 Mar 2019 — In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Se ha encontrado una vulnerabilidad de desbordamiento de búfer basado en pila en ImageMagick 7.0.8-35 Q16 en la función PopHexPixel en coders/ps.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen manipulado. ImageMagick is an image displ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7175 – imagemagick: memory leak in function DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2019-7175
07 Mar 2019 — In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, hay fugas de memoria en DecodeImage en coders/pcd.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7398 – ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
https://notcve.org/view.php?id=CVE-2019-7398
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WriteDIBImage en coders/dib.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •