CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-5148 – firefox: Use-after-free in compositor potentially allows code execution
https://notcve.org/view.php?id=CVE-2018-5148
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en el compositor durante determinadas operaciones de gráficos cuando un puntero raw se utiliza en vez de una de conteo de referencias. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/103506 http://www.securitytracker.com/id/1040574 https://access.redhat.com/errata/RHSA-2018:1098 https://access.redhat.com/errata/RHSA-2018:1099 https://bugzilla.mozilla.org/show_bug.cgi?id=1440717 https://lists.debian.org/debian-lts-announce/2018/03/msg00023.html https://usn.ubuntu.com/3609-1 https://www.debian.org/security/2018/dsa-4153 https://www.mozilla.org/security/advisories/mfsa2018-10 https://access.redhat.com/security/cve/CVE& • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-0739 – Constructed ASN.1 types with a recursive definition could exceed the stack
https://notcve.org/view.php?id=CVE-2018-0739
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103518 http://www.securityfocus.com/bid/105609 http://www.securitytracker.com/id/1040576 https://access.redhat.com/errata/RHSA-2018:3090 https://access.redhat.com/errata/RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3505 https&# • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18251 – ImageMagick: memory leak in ReadPCDImage function in coders/pcd.c
https://notcve.org/view.php?id=CVE-2017-18251
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allow remote attackers to cause a denial of service via a crafted file. Se ha descubierto un problema en la versión 7.0.7 de ImageMagick. Se ha encontrado una vulnerabilidad de filtrado de memoria en la función ReadPCDImage en coders/pcd.c que permite a atacantes remotos provocar una denegación de servicio (DoS) mediante un archivo manipulado. A memory leak vulnerability has been discovered in ImageMagick in the ReadPCDImage function of coders/pcd.c file. • https://github.com/ImageMagick/ImageMagick/issues/809 https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2017-18251 https://bugzilla.redhat.com/show_bug.cgi?id=1561741 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18252 – ImageMagick: assertion failure in MogrifyImageList function in MagickWand/mogrify.c
https://notcve.org/view.php?id=CVE-2017-18252
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. Se ha descubierto un problema en la versión 7.0.7 de ImageMagick. La función MogrigyImageList en MagickWand/mogrify.c permite a los atacantes provocar una denegación de servicio (fallo de aserción y salida de la aplicación en ReplaceImageInList) mediante un archivo manipulado. • https://github.com/ImageMagick/ImageMagick/issues/802 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2017-18252 https://bugzilla.redhat.com/show_bug.cgi?id=1561742 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18254 – ImageMagick: memory leak in WriteGIFImage function in coders/gif.c
https://notcve.org/view.php?id=CVE-2017-18254
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file. Se ha descubierto un problema en la versión 7.0.7 de ImageMagick. Se ha encontrado una vulnerabilidad de filtrado de memoria en la función WriteGIFImage en coders/gif.c que permite a atacantes remotos provocar una denegación de servicio (DoS) mediante un archivo manipulado. A memory leak vulnerability has been discovered in ImageMagick in the WriteGIFImage function of coders/gif.c file. • https://github.com/ImageMagick/ImageMagick/issues/808 https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2017-18254 https://bugzilla.redhat.com/show_bug.cgi?id=1561744 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •