CVE-2017-12805 – ImageMagick: memory exhaustion in function ReadTIFFImage causing denial of service
https://notcve.org/view.php?id=CVE-2017-12805
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service. En ImageMagick versión 7.0.6-6, se encontró una vulnerabilidad de agotamiento de la memoria en la función ReadTIFFImage, que permite a los atacantes generar una Denegación de Servicio (DoS). • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/issues/664 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2017 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-12806 – ImageMagick: memory exhaustion in function format8BIM causing denial of service
https://notcve.org/view.php?id=CVE-2017-12806
In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. En ImageMagick 7.0.6-6, se encontró una vulnerabilidad de agotamiento de memoria en la función format8BIM, que permite a los atacantes causar una denegación de servicio. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/issues/660 https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2017 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-10131 – ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2019-10131
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa. An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108117 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131 https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2019-10131 https:/ • CWE-193: Off-by-one Error •
CVE-2019-11598 – ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11598
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. En ImageMagick versión 7.0.8-40 Q16, Hay una lectura excesiva de búfer en la región heap de la memoria en la función WritePNMImage del archivo coders/pnm.c, que permite que un atacante genere una Denegación de Servicio o una posible revelaciónde información mediante un archivo de imagen creado. Esto está relacionado con SetGrayscaleImage en el archivo MagickCore/quantize. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108102 https://github.com/ImageMagick/ImageMagick/issues/1540 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/secu • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-11597 – ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11597
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. ImageMagick en la versión 7.0.8-43 Q16, tiene una sobre-lectura de búfer basada en pilas en la función WriteTIFFImage de coders/tiff.c, que permite a un atacante causar una denegación de servicio o posiblemente la divulgación de información a través de un archivo de imagen diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html http://www.securityfocus.com/bid/108102 https://github.com/ImageMagick/ImageMagick/issues/1555 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/secu • CWE-125: Out-of-bounds Read •