Page 2 of 652 results (0.002 seconds)

CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 1

22 Aug 2023 — A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. Una pérdida de memoria en ImageMagick 7.0.10-45 y 6.9.11-22 permite a atacantes remotos realizar una denegación de servicio mediante el comando "identify -help". It was discovered that ImageMagick did not properly handle memory when processing the -help option. An attacker could potentially use this issue to cause a crash. • https://github.com/ImageMagick/ImageMagick/issues/2889 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

08 Aug 2023 — ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. • https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

24 Jul 2023 — A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. This update for ImageMagick fixes the following issues. Fixed heap out of bounds read in PushCharPixel in quantum-private.h. • https://access.redhat.com/security/cve/CVE-2023-3745 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

04 Jul 2023 — A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. Se encontró una vulnerabilidad de desbordamiento del búfer en coders/tiff.c en ImageMagick. Este problema puede permitir que un atacante local engañe al usuario para que abra un archivo especialmente manipulado, lo que provocará un bloqueo de la aplicación y una denegación ... • https://access.redhat.com/security/cve/CVE-2023-3428 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

16 Jun 2023 — A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-34475 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

16 Jun 2023 — A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20... • https://access.redhat.com/security/cve/CVE-2023-3195 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

16 Jun 2023 — A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. This update for ImageMagick fixes the following issues. Fixed heap-based buffer overflow in ReadTIM2ImageData function in coders/tim2.c. • https://access.redhat.com/security/cve/CVE-2023-34474 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

06 Jun 2023 — A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=2208537 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 68%CPEs: 6EXPL: 3

30 May 2023 — A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. • https://github.com/SudoIndividual/CVE-2023-34152 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

30 May 2023 — A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-34151 • CWE-190: Integer Overflow or Wraparound •