CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14437 – ImageMagick: memory leak in parse8BIM in coders/meta.c
https://notcve.org/view.php?id=CVE-2018-14437
20 Jul 2018 — ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. ImageMagick 7.0.8-4 tiene una fuga de memoria en parse8BIM en coders/meta.c. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration. It was discovered that several memor... • https://github.com/ImageMagick/ImageMagick/issues/1190 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-13153 – ImageMagick: memory leak in the XMagickCommand function in MagickCore/animate.c
https://notcve.org/view.php?id=CVE-2018-13153
05 Jul 2018 — In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. En ImageMagick 7.0.8-4 hay una fuga de memoria en la función XMagickCommand en MagickCore/animate.c. A memory leak was discovered in ImageMagick in the XMagickCommand function in animate.c file. An array of strings, named filelist, is allocated on the heap but not released in case the function ExpandFilenames returns an error code. ImageMagick is an image display and manipulation tool for the X Window Syst... • http://www.securityfocus.com/bid/104687 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2018-12600 – ImageMagick: out of bounds write ReadDIBImage and WriteDIBImage in coders/dib.c
https://notcve.org/view.php?id=CVE-2018-12600
20 Jun 2018 — In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. En ImageMagick 7.0.8-3 Q16, ReadDIBImage y WriteDIBImage en coders/dib.c permiten que los atacantes provoquen una escritura fuera de límites mediante un archivo manipulado. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Issues addressed include buffer overflow, denial of service, double fr... • https://github.com/ImageMagick/ImageMagick/issues/1178 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2018-12599 – ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c
https://notcve.org/view.php?id=CVE-2018-12599
20 Jun 2018 — In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. En ImageMagick 7.0.8-3 Q16, ReadBMPImage y WriteBMPImage en coders/bmp.c permiten que los atacantes provoquen una escritura fuera de límites mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attack... • https://github.com/ImageMagick/ImageMagick/issues/1177 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-11655 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-11655
01 Jun 2018 — In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.7-20 Q16 x86_64 en la función GetImagePixelCache en MagickCore/cache.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen CALS manipulado. It was discovered... • https://github.com/ImageMagick/ImageMagick/issues/930 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-11656 – ImageMagick: memory leak in ReadDCMImage function in coders/dcm.c
https://notcve.org/view.php?id=CVE-2018-11656
01 Jun 2018 — In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.7-20 Q16 en la función ReadDCMImage en coders/dcm.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen DCM manipulado. It was discovered that ImageMagick incorrectly han... • https://github.com/ImageMagick/ImageMagick/issues/931 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2018-11625 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-11625
31 May 2018 — In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. En ImageMagick 7.0.7-37 Q16, SetGrayscaleImage en el archivo quantize.c permite que los atacantes provoquen una sobrelectura de búfer basada en memoria dinámica (heap) mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a spec... • https://github.com/ImageMagick/ImageMagick/issues/1156 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11624
https://notcve.org/view.php?id=CVE-2018-11624
31 May 2018 — In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. En ImageMagick 7.0.7-36 Q16, la función ReadMATImage en coders/mat.c permite que los atacantes provoquen un uso de memoria previamente liberada mediante un archivo manipulado. • https://github.com/ImageMagick/ImageMagick/issues/1149 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-11251 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-11251
18 May 2018 — In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, en ReadSUNImage en coders/sun.c que permite que atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación en ... • https://github.com/ImageMagick/ImageMagick/issues/956 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18272
https://notcve.org/view.php?id=CVE-2017-18272
18 May 2018 — In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. Hay un uso de memoria previamente liberada en ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25 en la función ReadOneMNGImage en coders/png.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo de imagen MNG manipulado ... • https://github.com/ImageMagick/ImageMagick/issues/918 • CWE-416: Use After Free •