CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10251
https://notcve.org/view.php?id=CVE-2020-10251
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. ImageMagick versión 7.0.9, tiene una vulnerabilidad de lectura fuera de límites dentro de la función ReadHEICImageByID en el archivo coders\heic.c. Puede ser desencadenada por medio de una imagen con un valor de anchura o altura que exceda el tamaño real de la imagen. • https://github.com/ImageMagick/ImageMagick/issues/1859 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19948 – ImageMagick: heap-based buffer overflow in WriteSGIImage in coders/sgi.c
https://notcve.org/view.php?id=CVE-2019-19948
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. En ImageMagick versión 7.0.8-43 Q16, se presenta un desbordamiento de búfer en la región heap de la memoria en la función WriteSGIImage del archivo coders/sgi.c. A heap-based buffer overflow flaw was discovered in ImageMagick when writing SGI images with improper columns and rows properties. An attacker may trick a victim user into downloading a malicious image file and running it through ImageMagick, possibly executing code onto the victim user's system. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html https://github.com/ImageMagick/ImageMagick/issues/1562 https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html https://usn.ubuntu.com/4549-1 https://www.debian.org/security/2020/dsa-4712 https://www.debian.org/security/2020/dsa-4715 https://access.redhat.com/security/cve/CVE-2019-19948 https://bugzilla.redhat.com/show_bug.cgi?id=1793177 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19952
https://notcve.org/view.php?id=CVE-2019-19952
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. En ImageMagick versión 7.0.9-7 Q16, se presenta un uso de la memoria previamente liberada en la función MngInfoDiscardObject del archivo coders/png.c, relacionado con ReadOneMNGImage. • https://github.com/ImageMagick/ImageMagick/issues/1791 • CWE-416: Use After Free •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 1CVE-2019-19949 – ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2019-19949
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. En ImageMagick versión 7.0.8-43 Q16, se presenta una lectura excesiva de búfer en la región heap de la memoria en la función WritePNGImage del archivo coders/png.c, relacionada con Magick_png_write_raw_profile y LocaleNCompare. An out-of-bounds read was discovered in ImageMagick when writing PNG images. An attacker may abuse this flaw to trick a victim user into downloading a malicious image file and running it through ImageMagick, causing the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html https://github.com/ImageMagick/ImageMagick/issues/1561 https://lists.debian.org/debian-lts-announce/2019/12/msg00033.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4549-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-19949 https://bugzilla.redhat.com/show_bug.cgi?id=1792480 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18853
https://notcve.org/view.php?id=CVE-2019-18853
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. ImageMagick versiones anteriores a 7.0.9-0, permite a atacantes remotos causar una denegación de servicio porque XML_PARSE_HUGE no está restringido apropiadamente en el archivo coders/svg.c, relacionado con SVG y libxml2. • https://fortiguard.com/zeroday/FG-VD-19-136 https://github.com/ImageMagick/ImageMagick/commit/ec9c8944af2bfc65c697ca44f93a727a99b405f1 • CWE-674: Uncontrolled Recursion •