CVE-2019-13391
https://notcve.org/view.php?id=CVE-2019-13391
In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has a heap-based buffer over-read because of incorrect calls to GetCacheViewVirtualPixels. En ImageMagick versión 7.0.8-50 Q16, la función ComplexImages en el archivo MagickCore/fourier.c, presenta una lectura excesiva del búfer en la región heap de la memoria debido a llamadas incorrectas a GetCacheViewVirtualPixels. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/7c2c5ba5b8e3a0b2b82f56c71dfab74ed4006df7 https://github.com/ImageMagick/ImageMagick/issues/1588 https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4192-1 • CWE-125: Out-of-bounds Read •
CVE-2019-13311 – ImageMagick: memory leaks at AcquireMagickMemory because of a wand/mogrify.c error
https://notcve.org/view.php?id=CVE-2019-13311
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error. ImageMagick versión 7.0.8-50 Q16 existe una vulnerabilidad de fuga de memoria en AcquireMagickMemory debido a un error en wand/mogrify.c A flaw was found in ImageMagick, containing memory leaks of AcquireMagickMemory due to a wand/mogrify.c error. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/4a334bbf5584de37c6f5a47c380a531c8c4b140a https://github.com/ImageMagick/ImageMagick/issues/1623 https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-13311 https://bugzilla.redhat.com/show_bug.cgi?id=1730329 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-13310 – ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c
https://notcve.org/view.php?id=CVE-2019-13310
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. ImageMagick versión 7.0.8-50 Q16 tiene fugas de memoria en AcquireMagickMemory debido a un error en MagickWand/mogrify.c. A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to an error found in MagickWand/mogrify.c. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d https://github.com/ImageMagick/ImageMagick/issues/1616 https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 https://usn.ubuntu.com/4192-1 https://access.redhat.com/security/cve/CVE-2019-13310 https://bugzilla.redhat.com/show_bug.cgi?id=1730333 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-13309 – ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages
https://notcve.org/view.php?id=CVE-2019-13309
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. ImageMagick versión 7.0.8-50 Q16 tiene fugas de memoria en AcquireMagickMemory debido a la mala gestión del error NoSuchImage en CLIListOperatorImages en MagickWand/operation.c. A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to the mishandling of the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. It was discovered that ImageMagick does not properly release acquired memory in function MogrifyImageList() when some error conditions are met, or the "compare" option is used. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d https://github.com/ImageMagick/ImageMagick/issues/1616 https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-13309 https://bugzilla.redhat.com/show_bug.cgi?id=1730337 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-13308
https://notcve.org/view.php?id=CVE-2019-13308
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. ImageMagick versión 7.0.8-50 Q16 presenta una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en MagickCore/fourier.c en ComplexImage. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a https://github.com/ImageMagick/ImageMagick/issues/1595 https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-787: Out-of-bounds Write •