CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14980 – ImageMagick: use-after-free in magick/blob.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2019-14980
In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. En ImageMagick versiones 7.x anteriores a 7.0.8-42 y versiones 6.x anteriores a 6.9.10-42, hay una vulnerabilidad de uso de la memoria previamente liberada en la función UnmapBlob que permite a un atacante causar una denegación de servicio mediante el envío de un archivo especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html https://github.com/ImageMagick/ImageMagick/commit/c5d012a46ae22be9444326aa37969a3f75daa3ba https://github.com/ImageMagick/ImageMagick/compare/7.0.8-41...7.0.8-42 https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 https://github.com/ImageMagick/ImageMagick6/issues/43 https://access.redhat.com/security/cve/CVE-2019-14980 https:// • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-13454 – ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c
https://notcve.org/view.php?id=CVE-2019-13454
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. ImageMagick versión 7.0.8-54 Q16, permite la División por Cero en la función RemoveDuplicateLayers en el archivo MagickCore/layer.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html http://www.securityfocus.com/bid/109099 https://github.com/ImageMagick/ImageMagick/commit/1ddcf2e4f28029a888cadef2e757509ef5047ad8 https://github.com/ImageMagick/ImageMagick/issues/1629 https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-13391
https://notcve.org/view.php?id=CVE-2019-13391
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. En ImageMagick versión 7.0.8-50 Q16, la función ComplexImages en el archivo MagickCore/fourier.c, presenta una lectura excesiva del búfer en la región heap de la memoria debido a llamadas incorrectas a GetCacheViewVirtualPixels. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7 https://github.com/ImageMagick/ImageMagick/issues/1588 https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4192-1 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-13311 – ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error
https://notcve.org/view.php?id=CVE-2019-13311
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. ImageMagick versión 7.0.8-50 Q16 existe una vulnerabilidad de fuga de memoria en AcquireMagickMemory debido a un error en wand/mogrify.c A flaw was found in ImageMagick, containing memory leaks of AcquireMagickMemory due to a wand/mogrify.c error. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a https://github.com/ImageMagick/ImageMagick/issues/1623 https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-13311 https://bugzilla.redhat.com/show_bug.cgi?id=1730329 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13310 – ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c
https://notcve.org/view.php?id=CVE-2019-13310
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. ImageMagick versión 7.0.8-50 Q16 tiene fugas de memoria en AcquireMagickMemory debido a un error en MagickWand/mogrify.c. A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to an error found in MagickWand/mogrify.c. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d https://github.com/ImageMagick/ImageMagick/issues/1616 https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 https://usn.ubuntu.com/4192-1 https://access.redhat.com/security/cve/CVE-2019-13310 https://bugzilla.redhat.com/show_bug.cgi?id=1730333 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •