CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 1CVE-2019-11598 – ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11598
In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. En ImageMagick versión 7.0.8-40 Q16, Hay una lectura excesiva de búfer en la región heap de la memoria en la función WritePNMImage del archivo coders/pnm.c, que permite que un atacante genere una Denegación de Servicio o una posible revelaciónde información mediante un archivo de imagen creado. Esto está relacionado con SetGrayscaleImage en el archivo MagickCore/quantize. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://www.securityfocus.com/bid/108102 https://github.com/ImageMagick/ImageMagick/issues/1540 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/secu • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 4%CPEs: 1EXPL: 1CVE-2019-11597 – ImageMagick: heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c leading to DoS or information disclosure
https://notcve.org/view.php?id=CVE-2019-11597
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. ImageMagick en la versión 7.0.8-43 Q16, tiene una sobre-lectura de búfer basada en pilas en la función WriteTIFFImage de coders/tiff.c, que permite a un atacante causar una denegación de servicio o posiblemente la divulgación de información a través de un archivo de imagen diseñado. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html http://www.securityfocus.com/bid/108102 https://github.com/ImageMagick/ImageMagick/issues/1555 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/secu • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2019-11472 – ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component
https://notcve.org/view.php?id=CVE-2019-11472
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. ReadXWDImage en coders/xwd.c en el componente de análisis de imágenes XWD de ImageMagick 7.0.8-41 Q16 permite a los atacantes causar una denegación de servicio (error de división por cero) al crear un archivo de imagen XWD en el que el encabezado indica ni LSB primero ni MSB primero. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/issues/1546 https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/ • CWE-248: Uncaught Exception CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 2%CPEs: 1EXPL: 1CVE-2019-11470 – ImageMagick: denial of service in cineon parsing component
https://notcve.org/view.php?id=CVE-2019-11470
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. El componente de análisis de cineon en ImageMagick 7.0.8-26 Q16, permite a los atacantes provocar una denegación de servicio (consumo incontrolado de recursos) creando una imagen Cineon con un tamaño de imagen declarado incorrecto. Esto se debe a que ReadCINImage en coders/cin.c carece de una comprobación de datos de imagen insuficientes en un archivo. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/commit/e3cdce6fe12193f235b8c0ae5efe6880a25eb957 https://github.com/ImageMagick/ImageMagick/issues/1472 https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a https://github.com/ImageMagick/ImageMagick/issues/1495 • CWE-125: Out-of-bounds Read •