CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18023 – Ubuntu Security Notice USN-4034-1
https://notcve.org/view.php?id=CVE-2018-18023
07 Oct 2018 — In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en ImageMagick 7.0.8-13 Q16, en la función SVGStripString de coders/svg.c que permite que atacantes provoquen una denegación de servicio (DoS) mediante un archivo de imagen SVG manipulado. It was discovered that ImageMagick incorrectly handled certai... • https://github.com/ImageMagick/ImageMagick/issues/1336 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18024 – ImageMagick: infinite loop in the ReadBMPImage function of the coders/bmp.c
https://notcve.org/view.php?id=CVE-2018-18024
07 Oct 2018 — In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. En ImageMagick 7.0.8-13 Q16, hay un bucle infinito en la función ReadBMPImage del archivo coders/bmp.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo bmp manipulado. • https://github.com/ImageMagick/ImageMagick/issues/1337 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-18025 – Ubuntu Security Notice USN-6980-1
https://notcve.org/view.php?id=CVE-2018-18025
07 Oct 2018 — In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en ImageMagick 7.0.8-13 Q16, en la función EncodeImage de coders/pict.c que permite que atacantes provoquen una denegación de servicio (DoS) mediante un archivo de imagen SVG manipulado. It was discovered that ImageMagick incorrectly handled certain ma... • https://github.com/ImageMagick/ImageMagick/issues/1335 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18016 – ImageMagick: memory leak in WritePCXImage in coders/pcx.c
https://notcve.org/view.php?id=CVE-2018-18016
05 Oct 2018 — ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en WritePCXImage en coders/pcx.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-18016 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17965
https://notcve.org/view.php?id=CVE-2018-17965
03 Oct 2018 — ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en WriteSGIImage en coders/sgi.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17965 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17966 – ImageMagick: memory leak in WritePDBImage in coders/pdb.c
https://notcve.org/view.php?id=CVE-2018-17966
03 Oct 2018 — ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en WritePDBImage en coders/pdb.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17966 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17967 – ImageMagick: memory leak in ReadBGRImage in coders/bgr.c.
https://notcve.org/view.php?id=CVE-2018-17967
03 Oct 2018 — ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en ReadBGRImage en coders/bgr.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17967 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-16749 – ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2018-16749
09 Sep 2018 — In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. En ImageMagick 7.0.7-29 y anteriores, la falta de una comprobación NULL en ReadOneJNGImage en coders/png.c permite que un atacante provoque una denegación de servicio (fallo de aserción en WriteBlob y salida de la aplicación) mediante un archivo manipulado. Due to a large number of issues discovered... • https://github.com/ImageMagick/ImageMagick/issues/1119 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-16750 – ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2018-16750
09 Sep 2018 — In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. En ImageMagick 7.0.7-29 y anteriores, se ha encontrado una fuga de memoria en la función formatIPTCfromBuffer en coders/meta.c. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if nece... • http://www.securityfocus.com/bid/108492 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-16640 – ImageMagick: memory leak in ReadOneJNGImage function in coders/png.c
https://notcve.org/view.php?id=CVE-2018-16640
06 Sep 2018 — ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. ImageMagick 7.0.8-5 tiene una vulnerabilidad de fuga de memoria en la función ReadOneJNGImage en coders/png.c. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate Imag... • https://github.com/ImageMagick/ImageMagick/commit/76efa969342568841ecf320b5a041685a6d24e0b • CWE-125: Out-of-bounds Read CWE-772: Missing Release of Resource after Effective Lifetime •