CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10650 – ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
https://notcve.org/view.php?id=CVE-2019-10650
30 Mar 2019 — In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función WriteTIFFImage de coders/tiff.c que permite al atacante provocar una denegación de servicio (DoS) o divulgación de información mediante un archivo de imagen manipulado... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10649 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-10649
30 Mar 2019 — In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una vulnerabilidad de filtrado de memoria en la función SVGKeyValuePairs de coders/svg.c que permite al atacante provocar una denegación de servicio (DoS) mediante un archivo de imagen manipulado. Handling problems and cases of missing or incomplete input sanitising may result in d... • http://www.securityfocus.com/bid/107645 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2019-9956 – imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-9956
23 Mar 2019 — In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Se ha encontrado una vulnerabilidad de desbordamiento de búfer basado en pila en ImageMagick 7.0.8-35 Q16 en la función PopHexPixel en coders/ps.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen manipulado. ImageMagick is an image displ... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7175 – imagemagick: memory leak in function DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2019-7175
07 Mar 2019 — In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, hay fugas de memoria en DecodeImage en coders/pcd.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 1CVE-2019-7395 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-7395
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WritePSDChannel en coders/psd.c. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 1CVE-2019-7396 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-7396
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en ReadSIXELImage en coders/sixel.c. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-7397 – ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
https://notcve.org/view.php?id=CVE-2019-7397
05 Feb 2019 — In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, y GraphicsMagick, hasta la versión 1.3.31, existen varias vulnerabilidades de fuga de memoria en WritePDFImage en coders/pdf.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker c... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7398 – ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
https://notcve.org/view.php?id=CVE-2019-7398
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WriteDIBImage en coders/dib.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2018-20467 – ImageMagick: infinite loop in coders/bmp.c
https://notcve.org/view.php?id=CVE-2018-20467
26 Dec 2018 — In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. En coders/bmp.c en ImageMagick en versiones anteriores a la 7.0.8-16, un archivo de entradas puede resultar en un bucle infinito y un bloqueo, con un gran consumo de CPU y memoria. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18544 – ImageMagick: memory leak in WriteMSLImage of coders/msl.c
https://notcve.org/view.php?id=CVE-2018-18544
21 Oct 2018 — There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Hay una fuga de memoria en la función WriteMSLImage en coders/msl.c en ImageMagick 7.0.8-13 Q16, así como en la función ProcessMSLScript de coders/msl.c en GraphicsMagick en versiones anteriores a la 1.3.31. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image format... • http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •