CVE-2008-6071
https://notcve.org/view.php?id=CVE-2008-6071
Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information.
• http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c
• http://secunia.com/advisories/30549
• http://sourceforge.net/project/shownotes.php?release_id=604785
• http://sourceforge.net/project/shownotes.php?release_id=604837
• http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485
• http://www.securityfocus.com/bid/29583
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42906
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-6072
https://notcve.org/view.php?id=CVE-2008-6072
Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.
• http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c
• http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xcf.c
• http://secunia.com/advisories/30549
• http://sourceforge.net/project/shownotes.php?release_id=604785
• http://sourceforge.net/project/shownotes.php?release_id=604837
• http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485
• http://www.securityfocus.com/bid/29583
CVE-2008-3134
https://notcve.org/view.php?id=CVE-2008-3134
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
• http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
• http://secunia.com/advisories/30879
• http://secunia.com/advisories/32151
• http://sourceforge.net/forum/forum.php?forum_id=841176
• http://sourceforge.net/project/shownotes.php?release_id=610253
• http://www.securityfocus.com/bid/30055
• http://www.securitytracker.com/id?1020413
• http://www.vupen.com/english/advisories/2008/1984/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43511
• https://exchange.xforce.ibmcloud&
• CWE-399: Resource Management Errors
CVE-2007-0770
https://notcve.org/view.php?id=CVE-2007-0770
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
• http://secunia.com/advisories/24167
• http://secunia.com/advisories/24196
• http://www.debian.org/security/2007/dsa-1260
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:041
• http://www.novell.com/linux/security/advisories/2007_3_sr.html
• http://www.osvdb.org/31911
• http://www.securityfocus.com/archive/1/459507/100/0/threaded
• http://www.ubuntu.com/usn/usn-422-1
• https://issues.rpath.com/browse/RPL-1034
CVE-2006-5456 – Overflows in GraphicsMagick and ImageMagick's DCM and PALM handling routines
https://notcve.org/view.php?id=CVE-2006-5456
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
• ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
• http://packages.debian.org/changelogs/pool/main/g/graphicsmagick/graphicsmagick_1.1.7-9/changelog#versionversion1.1.7-9
• http://secunia.com/advisories/22569
• http://secunia.com/advisories/22572
• http://secunia.com/advisories/22601
• http://secunia.com/advisories/22604
• http://secunia.com/advisories/22819
• http://secunia.com/advisories/22834
• http://secunia.com/advisories/22998
• http://secunia.com/advisories/23090
• http
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer