CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1289
https://notcve.org/view.php?id=CVE-2023-1289
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. • https://bugzilla.redhat.com/show_bug.cgi?id=2176858 https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0CVE-2023-0056 – haproxy: segfault DoS
https://notcve.org/view.php?id=CVE-2023-0056
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. • https://access.redhat.com/security/cve/CVE-2023-0056 https://bugzilla.redhat.com/show_bug.cgi?id=2160808 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-3213
https://notcve.org/view.php?id=CVE-2022-3213
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. Se ha encontrado un problema de desbordamiento del búfer de la pila en ImageMagick. Cuando una aplicación procesa un archivo TIFF malformado, puede conllevar a un comportamiento indefinido o un bloqueo que cause una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-3213 https://bugzilla.redhat.com/show_bug.cgi?id=2126824 https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 3.2EPSS: 0%CPEs: 11EXPL: 2CVE-2020-14394
https://notcve.org/view.php?id=CVE-2020-14394
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. Se ha encontrado un fallo de bucle infinito en la emulación del controlador USB xHCI de QEMU mientras es calculada la longitud del anillo de petición de transferencia (TRB). Este fallo permite a un usuario invitado privilegiado colgar el proceso de QEMU en el host, resultando en una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1908004 https://gitlab.com/qemu-project/qemu/-/issues/646 https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7J5IRXJYLELW7D43A75LOWRUE5EU54O • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-0546
https://notcve.org/view.php?id=CVE-2022-0546
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. Una comprobación de límites ausente en el cargador de imágenes usado en Blender versiones 3.x y 2.93.8, conlleva a un acceso a la pila fuera de límites, permitiendo a un atacante causar una denegación de servicio, corrupción de memoria o potencialmente una ejecución de código • https://developer.blender.org/T94572 https://lists.debian.org/debian-lts-announce/2022/06/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIZADV3AHTWZ2YKEFTVLNK3K4F4KTYLM https://www.debian.org/security/2022/dsa-5176 • CWE-190: Integer Overflow or Wraparound •