CVE-2017-12805 – ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service
https://notcve.org/view.php?id=CVE-2017-12805
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. En ImageMagick versión 7.0.6-6, se encontró una vulnerabilidad de agotamiento de la memoria en la función ReadTIFFImage, que permite a los atacantes generar una Denegación de Servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/issues/664 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2017 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-12806 – ImageMagick: memory exhaustion in function format8BIM causing denial of service
https://notcve.org/view.php?id=CVE-2017-12806
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. En ImageMagick 7.0.6-6, se encontró una vulnerabilidad de agotamiento de memoria en la función format8BIM, que permite a los atacantes causar una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/issues/660 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2017 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-10131 – ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2019-10131
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa. An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108117 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131 https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2019-10131 https:/ • CWE-193: Off-by-one Error •
CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a https://github.com/ImageMagick/ImageMagick/issues/1495 • CWE-125: Out-of-bounds Read •
CVE-2019-7175 – imagemagick: memory leak in function DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2019-7175
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, hay fugas de memoria en DecodeImage en coders/pcd.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae https://github.com/ImageMagick/ImageMagick/issues/1450 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-7175 https://bugzilla.redhat.com/show_bug.cgi?id=1687436 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •