Page 27 of 258 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c. ImageMagick versión 7.0.8-34 tiene una vulnerabilidad de pérdida de memoria en la función WriteDPXImage en coders/dpx.c. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the WriteDPXImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html http://www.securityfocus.com/bid/108913 https://github.com/ImageMagick/ImageMagick/issues/1517 https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-12975 https://bugzilla.redhat.com/show_bug.cgi?id=1732282 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image. Una desreferencia de puntero NULL en la función ReadPANGOImage en coders/pango.c y la función ReadVIDImage en coders/vid.c en ImageMagick versión 7.0.8-34 permite a los atacantes remotos provocar una denegación de servicio a través de una imagen diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html http://www.securityfocus.com/bid/108913 https://github.com/ImageMagick/ImageMagick/issues/1515 https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-12974 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa. An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108117 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131 https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2019-10131 https:/ • CWE-193: Off-by-one Error •

CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 1

In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. En ImageMagick versión 7.0.8-40 Q16, Hay una lectura excesiva de búfer en la región heap de la memoria en la función WritePNMImage del archivo coders/pnm.c, que permite que un atacante genere una Denegación de Servicio o una posible revelaciónde información mediante un archivo de imagen creado. Esto está relacionado con SetGrayscaleImage en el archivo MagickCore/quantize. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108102 https://github.com/ImageMagick/ImageMagick/issues/1540 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/secu • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 1

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. ImageMagick en la versión 7.0.8-43 Q16, tiene una sobre-lectura de búfer basada en pilas en la función WriteTIFFImage de coders/tiff.c, que permite a un atacante causar una denegación de servicio o posiblemente la divulgación de información a través de un archivo de imagen diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html http://www.securityfocus.com/bid/108102 https://github.com/ImageMagick/ImageMagick/issues/1555 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/secu • CWE-125: Out-of-bounds Read •