CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20184
https://notcve.org/view.php?id=CVE-2018-20184
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. En GraphicsMagick 1.4 snapshot-20181209 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WriteTGAImage de tga.c, lo que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo de imagen manipulado. Esto se debe a que el número de filas o columnas puede sobrepasar las restricciones de dimensiones de pixel de la especificación TGA. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b http://www.securityfocus.com/bid/106229 https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html https://sourceforge.net/p/graphicsmagick/bugs/583 https://usn.ubuntu.com/4207-1 https://www.debian.org/security/2020/dsa-4640 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 10%CPEs: 57EXPL: 1CVE-2005-0005
https://notcve.org/view.php?id=CVE-2005-0005
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. • http://marc.info/?l=bugtraq&m=110608222117215&w=2 http://www.debian.org/security/2005/dsa-646 http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities http://www.redhat.com/support/errata/RHSA-2005-070.html http://www.redhat.com/support/errata/RHSA-2005-071.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925 https://access.redhat.com/security/cve/CVE-2 •