CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14980 – ImageMagick: use-after-free in magick/blob.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2019-14980
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. En ImageMagick versiones 7.x anteriores a 7.0.8-42 y versiones 6.x anteriores a 6.9.10-42, hay una vulnerabilidad de uso de la memoria previamente liberada en la función UnmapBlob que permite a un atacante causar una denegación de servicio mediante el envío de un archivo especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/commit/c5d012a46ae22be9444326aa37969a3f75daa3ba https://github.com/ImageMagick/ImageMagick/compare/7.0.8-41...7.0.8-42 https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 https://github.com/ImageMagick/ImageMagick6/issues/43 https://access.redhat.com/security/cve/CVE-2019-14980 https:// • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13137
https://notcve.org/view.php?id=CVE-2019-13137
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de fuga de memoria en la función ReadPSImage in coders/ps. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/35ccb468ee2dcbe8ce9cf1e2f1957acc27f54c34 https://github.com/ImageMagick/ImageMagick/issues/1601 https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13136
https://notcve.org/view.php?id=CVE-2019-13136
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de desbordamiento de enteros en la función TIFFSeekCustomStream in coders/tiff.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891 https://github.com/ImageMagick/ImageMagick/issues/1602 https://support.f5.com/csp/article/K03512441?utm_source=f5support&%3Butm_medium=RSS • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2019-13135 – ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS
https://notcve.org/view.php?id=CVE-2019-13135
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de "use of uninitialized value" en la función ReadCUTImage in coders/cut.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d https://github.com/ImageMagick/ImageMagick/issues/1599 https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://support.f5.com/csp/article/K20336394 https://support.f5.com/csp/article&# • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-13134 – ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c
https://notcve.org/view.php?id=CVE-2019-13134
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de fuga de memoria en la función ReadVIFFImage in coders/viff.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99 https://github.com/ImageMagick/ImageMagick/issues/1600 https://access.redhat.com/security/cve/CVE-2019-13134 https://bugzilla.redhat.com/show_bug.cgi?id=1726081 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •