CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5357 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5357
12 Jan 2018 — ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. ImageMagick 7.0.7-22 Q16 tiene fugas de memoria en la función ReadDCMImage en coders/dcm.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102497 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5358 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5358
12 Jan 2018 — ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. ImageMagick 7.0.7-22 Q16 tiene fugas de memoria en la función EncodeImageAttributes en coders/json.c, tal y como demuestra la función ReadPSDLayersInternal en coders/psd.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a speciall... • https://github.com/ImageMagick/ImageMagick/issues/939 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5345 – gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-5345
12 Jan 2018 — A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. Atacantes maliciosos pueden explotar un desbordamiento de búfer basado en pila en GNOME gcab hasta la versión 0.7.4 para provocar un cierre inesperado o, potencialmente, ejecutar código arbitrario mediante un archivo .cab manipulado. It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-b... • https://access.redhat.com/errata/RHSA-2018:0350 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5205 – Ubuntu Security Notice USN-3527-1
https://notcve.org/view.php?id=CVE-2018-5205
06 Jan 2018 — When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. Al utilizar códigos escapados incompletos, Irssi en versiones anteriores a la 1.0.6 podría acceder a datos más allá del final de la cadena. Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch disco... • https://irssi.org/security/irssi_sa_2018_01.txt • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5246 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5246
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadPATTERNImage en coders/pattern.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102469 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5247 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5247
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadRLAImage en coders/rla.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • https://github.com/ImageMagick/ImageMagick/issues/928 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18022 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18022
05 Jan 2018 — In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. ImageMagick 7.0.7-12 Q16 tiene una fuga de memoria en MontageImageCommand en MagickWand/montage.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking ... • http://www.securityfocus.com/bid/102437 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 1CVE-2018-5248 – Debian Security Advisory 4204-1
https://notcve.org/view.php?id=CVE-2018-5248
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. En ImageMagick 7.0.7-17 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función ReadSIXELImage en coders/sixel.c, relacionada con la función sixel_decode. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially cr... • http://www.securityfocus.com/bid/102431 • CWE-125: Out-of-bounds Read •
CVSS: 5.6EPSS: 94%CPEs: 1467EXPL: 10CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have imp... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 90%CPEs: 1090EXPL: 8CVE-2017-5715 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5715
04 Jan 2018 — Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción indirecta de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocess... • https://packetstorm.news/files/id/145645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •