CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2017-1000476 – ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c
https://notcve.org/view.php?id=CVE-2017-1000476
03 Jan 2018 — ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. Se ha encontrado una vulnerabilidad de agotamiento de CPU en ImageMagick 7.0.7-12 Q16 en la función ReadPDBImage en coders/dds.c. Esta vulnerabilidad permite que los atacantes causen una denegación de servicio. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick we... • http://www.securityfocus.com/bid/102428 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-1000422 – Debian Security Advisory 4088-1
https://notcve.org/view.php?id=CVE-2017-1000422
02 Jan 2018 — Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution Gnome gdk-pixbuf 2.36.8 y anteriores es vulnerable a varios desbordamientos de enteros en la función gif_get_lzw. Esto resulta en la corrupción de memoria y la potencial ejecución de código. It was discovered that GDK-PixBuf incorrectly handled certain gif images. An attacker could use this to execute arbitrary code. This issue only affected Ubun... • https://bugzilla.gnome.org/show_bug.cgi?id=785973 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2017-1000445 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-1000445
02 Jan 2018 — ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service ImageMagick 7.0.7-1 y anteriores es vulnerable a una desreferencia de puntero NULL en el componente MagickCore. Esto podría desembocar en una denegación de servicio (DoS). It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attac... • http://www.securityfocus.com/bid/102368 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18008 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18008
01 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadPWPImage en coders/pwp.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102346 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.3EPSS: 1%CPEs: 16EXPL: 1CVE-2017-7829 – Mozilla: From address with encoded null character is cut off in message header display
https://notcve.org/view.php?id=CVE-2017-7829
29 Dec 2017 — It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. Es posible suplantar la dirección de correo del remitente y mostrar una dirección de envío arbitraria al correo receptor. La dirección de envío real no se muestra si viene precedida de un carácter nulo en la cadena de muestra. • http://www.securityfocus.com/bid/102258 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17934 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17934
27 Dec 2017 — ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. ImageMagick 7.0.7-17 Q16 x86_64 tiene filtrados de memoria en coders/msl.c. Esto está relacionado con MSLPopImage y ProcessMSLScript, y se asocia a una mala gestión de llamadas MSLPushImage. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into ope... • http://www.securityfocus.com/bid/102314 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-17914 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17914
26 Dec 2017 — In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. Se ha encontrado una vulnerabilidad en ImageMagick 7.0.7-16 Q16 en la función ReadOnePNGImage en coders/png.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (bucle ReadOneMNGImage de gran tamaño) mediante un archivo de imagen mng manipulado. It was discovered ... • https://github.com/ImageMagick/ImageMagick/issues/908 • CWE-834: Excessive Iteration •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-7160 – Apple Safari FTL JIT Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7160
25 Dec 2017 — An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. Se ha descubierto un problema en algunos productos Apple. • https://support.apple.com/HT208324 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17881 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17881
24 Dec 2017 — In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.7-12 Q16 en la función ReadMATImage en coders/mat.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen MAT manipulado. It was discovered that ImageMagick incorrectly handled ce... • https://github.com/ImageMagick/ImageMagick/issues/878 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17882 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-17882
24 Dec 2017 — In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.7-12 Q16 en la función ReadXPMImage en coders/xpm.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen XPM manipulado. It was discovered that ImageMagick incorrectly handled ce... • https://github.com/ImageMagick/ImageMagick/issues/880 • CWE-772: Missing Release of Resource after Effective Lifetime •