CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-14326 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14326
12 Sep 2017 — In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de fuga de memoria en ImageMagick 7.0.7-1 Q16 en la función ReadMATImage en coders/mat.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. I... • https://github.com/ImageMagick/ImageMagick/issues/740 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14248
https://notcve.org/view.php?id=CVE-2017-14248
11 Sep 2017 — A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. Una vulnerabilidad de sobrelectura de búfer basada en memoria dinámica (heap) en SampleImage() en MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 permite que atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado. • https://github.com/ImageMagick/ImageMagick/issues/717 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14249 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14249
11 Sep 2017 — ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. ImageMagick 7.0.6-8 Q16 gestiona los chequeos EOF incorrectamente en ReadMPCImage in coders/mpc.c, provocando una división entre cero en GetPixelCacheTileSize in MagickCore/cache.c, permitiendo a los atacantes remotos provocar una denegación de servicio mediante un archivo manipula... • https://github.com/ImageMagick/ImageMagick/issues/708 • CWE-369: Divide By Zero •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-14224 – Debian Security Advisory 4032-1
https://notcve.org/view.php?id=CVE-2017-14224
09 Sep 2017 — A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. Un desbordamiento de búfer basado en montículos en la función WritePCXImage en coders/pcx.c en ImageMagick 7.0.6-8 Q16 permite que atacantes remotos provoquen una denegación de servicio o ejecución de código mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a u... • http://www.securityfocus.com/bid/100702 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-14172 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14172
07 Sep 2017 — In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. En coders/ps.c en ImageMagick 7.0.7-0 Q16, una denegación de servicio en ReadPSImage() por una falta de chequeos EOF (End of File) pod... • https://github.com/ImageMagick/ImageMagick/commit/bdbbb13f1fe9b7e2465502c500561720f7456aac • CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2017-14173 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14173
07 Sep 2017 — In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. En la función ReadTXTImage() en coders/txt.c en ImageMagick 7.0.6-10, podría ocurrir un desbordamiento de enteros por la operación de suma "GetQuantumRange(depth)+1" cuando "depth" ... • https://github.com/ImageMagick/ImageMagick/commit/50f54462076648ac2e36c3f58f4dadd4babbf1c9 • CWE-190: Integer Overflow or Wraparound CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-14174 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14174
07 Sep 2017 — In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. En coders/psd.c en ImageMagick 7.0.7-0 Q16, una denegación de servicio en ReadPSDLayersInternal() por una falta de chequeos... • https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-14175 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14175
07 Sep 2017 — In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. En coders/xbm.c en ImageMagick 7.0.6-1 Q16, una denegación de servicio en ReadXBMImage() por una falta de chequeos EOF (End o... • https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c • CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14139
https://notcve.org/view.php?id=CVE-2017-14139
04 Sep 2017 — ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. ImageMagick 7.0.6-2 tiene una vulnerabilidad de fuga de memoria en WriteMSLImage en coders/msl.c. • https://github.com/ImageMagick/ImageMagick/issues/578 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14137
https://notcve.org/view.php?id=CVE-2017-14137
04 Sep 2017 — ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. ReadWEBPImage en coders/webp.c en ImageMagick versión 7.0.6-5, presenta un error causado por una asignación de memoria excesiva, ya que depende solo de un campo longitud en una cabecera. • https://github.com/ImageMagick/ImageMagick/issues/641 • CWE-400: Uncontrolled Resource Consumption •