Page 15 of 295 results (0.025 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. La función WritePALMImage() en el archivo /coders/palm.c usó conversiones size_t en varias áreas de un cálculo que podría conllevar a valores fuera del rango de comportamiento indefinido de tipo representable "unsigned long" cuando un archivo de entrada diseñado era procesado por ImageMagick. • https://bugzilla.redhat.com/show_bug.cgi?id=1894679 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. En la función "GammaImage()" del archivo /MagickCore/enhance.c, dependiendo del valor de "gamma", es posible activar una condición de división por cero cuando ImageMagick procesa un archivo de entrada diseñado. • https://bugzilla.redhat.com/show_bug.cgi?id=1894239 https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-369: Divide By Zero •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. Se encontró un fallo en ImageMagick en el archivo coders/hdr.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894680 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Se encontró un fallo en ImageMagick en el archivo MagickCore/resize.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894682 https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-369: Divide By Zero •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. En el archivo /MagickCore/statistic.c, presenta varias áreas en la función ApplyEvaluateOperator() donde una conversión size_t debería haber sido una conversión ssize_t, lo que causa valores fuera de rango bajo algunas circunstancias cuando ImageMagick procesa un archivo de entrada diseñado. Red Hat Product Security marcó esto como de gravedad baja porque, aunque podría generar un impacto en la disponibilidad de la aplicación, ningún impacto específico fue mostrado en este caso. • https://bugzilla.redhat.com/show_bug.cgi?id=1894683 https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5 https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-190: Integer Overflow or Wraparound •