CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-18271 – ImageMagick: infinite loop in ReadMIFFImage function in coders/miff.c
https://notcve.org/view.php?id=CVE-2017-18271
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. Se ha encontrado una vulnerabilidad de bucle infinito en ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22 en la función ReadMIFFImage en coders/miff.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (agotamiento de CPU) mediante un archivo de imagen MIFF manipulado. • https://github.com/ImageMagick/ImageMagick/issues/911 https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2017-18271 https://bugzilla.redhat.com/show_bug.cgi?id=1581486 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2017-18273 – ImageMagick: infinite loop ReadTXTImage in function in coders/txt.c
https://notcve.org/view.php?id=CVE-2017-18273
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call. Se ha encontrado una vulnerabilidad de bucle infinito en ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22 en la función ReadTXTImage en coders/txt.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (agotamiento de CPU) mediante un archivo de imagen manipulado que se gestiona de manera incorrecta durante una llamada GetImageIndexInList. • https://github.com/ImageMagick/ImageMagick/issues/910 https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2017-18273 https://bugzilla.redhat.com/show_bug.cgi?id=1581489 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18272
https://notcve.org/view.php?id=CVE-2017-18272
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. Hay un uso de memoria previamente liberada en ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25 en la función ReadOneMNGImage en coders/png.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo de imagen MNG manipulado que se gestiona de manera incorrecta durante una llamada MngInfoDiscardObject. • https://github.com/ImageMagick/ImageMagick/issues/918 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10804 – ImageMagick: Memory leak in WriteTIFFImage
https://notcve.org/view.php?id=CVE-2018-10804
ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en WriteTIFFImage en coders/tiff.c. • https://github.com/ImageMagick/ImageMagick/issues/1053 https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2018-10804 https://bugzilla.redhat.com/show_bug.cgi?id=1577399 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10805 – ImageMagick: Memory leak in ReadYCBCRImage
https://notcve.org/view.php?id=CVE-2018-10805
ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en ReadYCBCRImage en coders/ycbcr.c. • https://github.com/ImageMagick/ImageMagick/issues/1054 https://usn.ubuntu.com/3681-1 https://access.redhat.com/security/cve/CVE-2018-10805 https://bugzilla.redhat.com/show_bug.cgi?id=1577398 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •