CVE-2019-13310 – ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c
https://notcve.org/view.php?id=CVE-2019-13310
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c. ImageMagick versión 7.0.8-50 Q16 tiene fugas de memoria en AcquireMagickMemory debido a un error en MagickWand/mogrify.c. A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to an error found in MagickWand/mogrify.c. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d https://github.com/ImageMagick/ImageMagick/issues/1616 https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 https://usn.ubuntu.com/4192-1 https://access.redhat.com/security/cve/CVE-2019-13310 https://bugzilla.redhat.com/show_bug.cgi?id=1730333 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-13309 – ImageMagick: memory leaks at AcquireMagickMemory due to mishandling the NoSuchImage error in CLIListOperatorImages
https://notcve.org/view.php?id=CVE-2019-13309
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. ImageMagick versión 7.0.8-50 Q16 tiene fugas de memoria en AcquireMagickMemory debido a la mala gestión del error NoSuchImage en CLIListOperatorImages en MagickWand/operation.c. A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to the mishandling of the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. It was discovered that ImageMagick does not properly release acquired memory in function MogrifyImageList() when some error conditions are met, or the "compare" option is used. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/5f21230b657ccd65452dd3d94c5b5401ba691a2d https://github.com/ImageMagick/ImageMagick/issues/1616 https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-13309 https://bugzilla.redhat.com/show_bug.cgi?id=1730337 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-13308
https://notcve.org/view.php?id=CVE-2019-13308
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage. ImageMagick versión 7.0.8-50 Q16 presenta una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en MagickCore/fourier.c en ComplexImage. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/61135001a625364e29bdce83832f043eebde7b5a https://github.com/ImageMagick/ImageMagick/issues/1595 https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-787: Out-of-bounds Write •
CVE-2019-13307 – ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows
https://notcve.org/view.php?id=CVE-2019-13307
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows. ImageMagick versión 7.0.8-50 Q16 presenta una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en MagickCore/statistic.c en EvaluateImages debido a la mala gestión de las filas. A heap-based buffer overflow was discovered in ImageMagick in the way it parses images when using the evaluate-sequence option. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/025e77fcb2f45b21689931ba3bf74eac153afa48 https://github.com/ImageMagick/ImageMagick/issues/1615 https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://www.debian.org/security/2020/dsa-4715 https://access.redhat.com/security/cve/CVE-2019-13307 https://bugzilla.redhat.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2019-13306 – ImageMagick: stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors
https://notcve.org/view.php?id=CVE-2019-13306
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors. ImageMagick versión 7.0.8-50 Q16 tiene un desbordamiento de búfer basado en pila en coders/pnm.c en WritePNMImage debido a los errores de superación de límite (off-by-one). A stack-based buffer overflow was discovered in ImageMagick in the way it writes PNM images due to off-by-one errors. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd https://github.com/ImageMagick/ImageMagick/issues/1612 https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4715 https://access.redhat.com/security/cve/CVE-2019-13306 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •