CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17786
https://notcve.org/view.php?id=CVE-2017-17786
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. En GIMP 2.8.22, existe una sobrelectura de búfer basada en memoria dinámica (heap) en ReadImage en plug-ins/common/file-tga.c (relacionado con bgr2rgb.part.1) mediante un valor bits-per-pixel no esperado para una imagen RGBA. • http://www.openwall.com/lists/oss-security/2017/12/19/5 http://www.securityfocus.com/bid/102765 https://bugzilla.gnome.org/show_bug.cgi?id=739134 https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html https://usn.ubuntu.com/3539-1 https://www.debian.org/security/2017/dsa-4077 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17785
https://notcve.org/view.php?id=CVE-2017-17785
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. En GIMP 2.8.22, existe un desbordamiento de búfer basado en memoria dinámica (heap) en la función fli_read_brun en plug-ins/file-fli/fli.c. • http://www.openwall.com/lists/oss-security/2017/12/19/5 https://bugzilla.gnome.org/show_bug.cgi?id=739133 https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html https://usn.ubuntu.com/3539-1 https://www.debian.org/security/2017/dsa-4077 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17784
https://notcve.org/view.php?id=CVE-2017-17784
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. En GIMP 2.8.22, existe una sobrelectura de búfer basada en memoria dinámica (heap) en load_image en plug-ins/common/file-gbr.c en el analizador import gbr. Esto está relacionado con la gestión incorrecta de datos UTF-8. • http://www.openwall.com/lists/oss-security/2017/12/19/5 http://www.securityfocus.com/bid/102899 https://bugzilla.gnome.org/show_bug.cgi?id=790784 https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html https://usn.ubuntu.com/3539-1 https://www.debian.org/security/2017/dsa-4077 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-17788
https://notcve.org/view.php?id=CVE-2017-17788
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. En GIMP 2.8.22, existe una sobrelectura de búfer basada en pila en xcf_load_stream en app/xcf/xcf.c cuando no hay un carácter "\0" después de la cadena version. • http://www.openwall.com/lists/oss-security/2017/12/19/5 https://bugzilla.gnome.org/show_bug.cgi?id=790783 https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html https://usn.ubuntu.com/3539-1 https://www.debian.org/security/2017/dsa-4077 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-17680
https://notcve.org/view.php?id=CVE-2017-17680
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.7-12 Q16 en la función ReadXPMImage en coders/xpm.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen xpm manipulado. • http://www.securityfocus.com/bid/102203 https://github.com/ImageMagick/ImageMagick/issues/873 https://usn.ubuntu.com/3681-1 • CWE-772: Missing Release of Resource after Effective Lifetime •