CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1CVE-2016-5690 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-5690
26 Aug 2016 — The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. La función ReadDCMImage en DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican la instrucción por computación de la tabla de escalado de píxeles. h... • http://www.openwall.com/lists/oss-security/2016/06/14/5 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1CVE-2016-5691 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-5691
26 Aug 2016 — The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. El DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado al aprovechar la falta de validación de (1) pixel.red, (2) pixel.green y (3) pixel.blue. handling problems and cases of missing or incomplete... • http://www.openwall.com/lists/oss-security/2016/06/14/5 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 23%CPEs: 3EXPL: 1CVE-2016-5841 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-5841
26 Aug 2016 — Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. Desbordamiento de entero en MagickCore/profile.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) o posiblemente ejecutar código arbitrario a través de vectores que implican a la variable offset. handl... • http://www.openwall.com/lists/oss-security/2016/06/23/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 2CVE-2016-5842 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-5842
26 Aug 2016 — MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. handling problems and cases of missing or incomplete input sanitising may result i... • http://www.openwall.com/lists/oss-security/2016/06/23/1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5010 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-5010
26 Aug 2016 — coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. coders/tiff.c en ImageMagick en versiones anteriores a 6.9.5-3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo TIFF manipulado. handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD,... • http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 20EXPL: 2CVE-2016-6491 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-6491
26 Aug 2016 — Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. Desbordamiento de búfer en la función Get8BIMProperty en MagickCore/property.c en ImageMagick en versiones anteriores a 6.9.5-4 y 7.x en versiones anteriores a 7.0.2-6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites, fuga de ... • http://www.openwall.com/lists/oss-security/2016/07/28/13 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2015-8895 – ImageMagick: Integer and buffer overflow in coders/icon.c
https://notcve.org/view.php?id=CVE-2015-8895
17 Jun 2016 — Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. Desbordamiento de entero en coders/icon.c en ImageMagick 6.9.1-3 y versiones posteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un valor de longitud manipulado, lo que desencadena un desbordamiento de búfer. ImageMagick is an image display and mani... • http://www.openwall.com/lists/oss-security/2016/06/02/13 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 25EXPL: 0CVE-2015-8896 – ImageMagick: Integer truncation vulnerability in coders/pict.c
https://notcve.org/view.php?id=CVE-2015-8896
17 Jun 2016 — Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple... • http://www.openwall.com/lists/oss-security/2015/10/07/2 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5239 – ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection
https://notcve.org/view.php?id=CVE-2016-5239
17 Jun 2016 — The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attack... • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-4562 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-4562
04 Jun 2016 — The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. La función DrawDashPolygon en MagickCore/draw.c en ImageMagick en versiones anteriores a 6.9.4-0 y 7.x en versiones anteriores a 7.0.1-2 no maneja correctamente los cálculos de ciertos vérti... • http://www.imagemagick.org/script/changelog.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •