CVE-2016-7524
https://notcve.org/view.php?id=CVE-2016-7524
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. El archivo coders/meta.c en ImageMagick permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) por medio de un archivo diseñado. • http://www.openwall.com/lists/oss-security/2016/09/22/2 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537422 https://bugzilla.redhat.com/show_bug.cgi?id=1378762 https://github.com/ImageMagick/ImageMagick/commit/97c9f438a9b3454d085895f4d1f66389fd22a0fb https://github.com/ImageMagick/ImageMagick/commit/f8c318d462270b03e77f082e2a3a32867cacd3c6 https://github.com/ImageMagick/ImageMagick/issues/96 • CWE-125: Out-of-bounds Read •
CVE-2016-7523
https://notcve.org/view.php?id=CVE-2016-7523
coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. El archivo coders/meta.c en ImageMagick permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) por medio de un archivo diseñado. • http://www.openwall.com/lists/oss-security/2016/09/22/2 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1537420 https://bugzilla.redhat.com/show_bug.cgi?id=1378754 https://github.com/ImageMagick/ImageMagick/issues/94 • CWE-125: Out-of-bounds Read •
CVE-2019-19949 – ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2019-19949
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. En ImageMagick versión 7.0.8-43 Q16, se presenta una lectura excesiva de búfer en la región heap de la memoria en la función WritePNGImage del archivo coders/png.c, relacionada con Magick_png_write_raw_profile y LocaleNCompare. An out-of-bounds read was discovered in ImageMagick when writing PNG images. An attacker may abuse this flaw to trick a victim user into downloading a malicious image file and running it through ImageMagick, causing the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html https://github.com/ImageMagick/ImageMagick/issues/1561 https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4549-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-19949 https://bugzilla.redhat.com/show_bug.cgi?id=1792480 • CWE-125: Out-of-bounds Read •
CVE-2019-17540 – ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-17540
ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. ImageMagick versiones anteriores a 7.0.8-54, presenta un desbordamiento de búfer en la región heap de la memoria en la función ReadPSInfo en el archivo coders/ps.c. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942578 https://github.com/ImageMagick/ImageMagick/compare/7.0.8-53...7.0.8-54 https://github.com/ImageMagick/ImageMagick/compare/master%40%7B2019-07-15%7D...master%40%7B2019-07-17%7D https://security-tracker.debian.org/tracker/CVE-2019-17540 https://access.redhat.com/security/cve/CVE-2019-17540 https://bugzilla.redhat.com/show_bug.cgi?id=1765330 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-17547
https://notcve.org/view.php?id=CVE-2019-17547
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. En ImageMagick versiones anteriores a 7.0.8-62, la función TraceBezier en el archivo MagickCore/draw.c presenta una vulnerabilidad de uso de la memoria previamente liberada. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537 https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397 https://github.com/ImageMagick/ImageMagick/compare/7.0.8-51...7.0.8-62 • CWE-416: Use After Free •