CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9830
https://notcve.org/view.php?id=CVE-2016-9830
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. La función MagickRealloc en memory.c en Graphicsmagick 1.3.25 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una imagen jpeg de grandes dimensiones. • http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8 http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html http://www.debian.org/security/2016/dsa-3746 http://www.openwall.com/lists/oss-security/2016/12/05/5 http://www.securityfocus.com/bid/94625 https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c https://bugzilla.redhat.com/show_bug.cgi?id=1401536 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-2317
https://notcve.org/view.php?id=CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. Múltiples desbordamientos de búfer en GraphicsMagick 1.3.23 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo SVG manipulado, relacionado con (1) la función TracePoint en magick/render.c, (2) función GetToken en magick/utility.c, y (3) función GetTransformTokens en coders/svg.c. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html http://www.debian.org/security/2016/dsa-3746 http://www.openwall.com/lists/oss-security/2016/02/11/6 http://www.openwall.com/lists/oss-security/2016/05/20/4 http://www.openwall.com/lists/oss-security/2016/05/27/4 http://www.openwall.com/lists/oss& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7787
https://notcve.org/view.php?id=CVE-2016-7787
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Una linea de comando maliciosamente manipulada para kdesu puede resultar en que el usuario sólo vea parte de los comandos que serán realmente ejecutados como superusuario. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00031.html http://lists.opensuse.org/opensuse-updates/2016-10/msg00034.html http://www.openwall.com/lists/oss-security/2016/09/29/7 http://www.securityfocus.com/bid/93224 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9427
https://notcve.org/view.php?id=CVE-2016-9427
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. Vulnerabilidad de desbordamiento de entero en bdwgc en versiones anteriores a 2016-09-27 permite a atacantes provocar al cliente la denegación de servicio de bdwgc (caída de desbordamiento de búfer en memoria dinámica) y posiblemente ejecutar código arbitrario a través de asignación enorme. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00115.html http://www.openwall.com/lists/oss-security/2016/11/18/3 http://www.securityfocus.com/bid/94407 https://github.com/ivmai/bdwgc/issues/135 https://lists.debian.org/debian-lts-announce/2022/03/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8677
https://notcve.org/view.php?id=CVE-2016-8677
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. La función AcquireQuantumPixels en MagickCore/quantum.c en ImageMagick en versiones anteriores a 7.0.3-1 permite a atacantes remotos tener un impacto no especificado a través de un archivo de imagen manipulado, lo que desencadena un fallo en la asignación de memoria. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00107.html http://www.debian.org/security/2016/dsa-3726 http://www.openwall.com/lists/oss-security/2016/10/16/1 http://www.securityfocus.com/bid/93598 https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c https://bugzilla.redhat.com/show_bug.cgi?id=1385698 https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60 https://github.com/ImageMagick/ImageMagick/issu •