CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2017-14173 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14173
07 Sep 2017 — In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. En la función ReadTXTImage() en coders/txt.c en ImageMagick 7.0.6-10, podría ocurrir un desbordamiento de enteros por la operación de suma "GetQuantumRange(depth)+1" cuando "depth" ... • https://github.com/ImageMagick/ImageMagick/commit/50f54462076648ac2e36c3f58f4dadd4babbf1c9 • CWE-190: Integer Overflow or Wraparound CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-14174 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14174
07 Sep 2017 — In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. En coders/psd.c en ImageMagick 7.0.7-0 Q16, una denegación de servicio en ReadPSDLayersInternal() por una falta de chequeos... • https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2017-14175 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14175
07 Sep 2017 — In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. En coders/xbm.c en ImageMagick 7.0.6-1 Q16, una denegación de servicio en ReadXBMImage() por una falta de chequeos EOF (End o... • https://github.com/ImageMagick/ImageMagick/commit/d9a8234d211da30baf9526fbebe9a8438ea7e11c • CWE-834: Excessive Iteration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14137
https://notcve.org/view.php?id=CVE-2017-14137
04 Sep 2017 — ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. ReadWEBPImage en coders/webp.c en ImageMagick versión 7.0.6-5, presenta un error causado por una asignación de memoria excesiva, ya que depende solo de un campo longitud en una cabecera. • https://github.com/ImageMagick/ImageMagick/issues/641 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14138
https://notcve.org/view.php?id=CVE-2017-14138
04 Sep 2017 — ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. ImageMagick 7.0.6-5 tiene una vulnerabilidad de fuga de memoria en ReadWEBPImage in coders/webp.c ya que la memoria no se libera en algunos casos de error, tal y como lo demuestran los errores VP8. • https://github.com/ImageMagick/ImageMagick/issues/639 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14139
https://notcve.org/view.php?id=CVE-2017-14139
04 Sep 2017 — ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. ImageMagick 7.0.6-2 tiene una vulnerabilidad de fuga de memoria en WriteMSLImage en coders/msl.c. • https://github.com/ImageMagick/ImageMagick/issues/578 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12691 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-12691
01 Sep 2017 — The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. La función ReadOneLayer en coders/xcf.c de ImageMagick 7.0.6-6 permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria) mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a speciall... • https://github.com/ImageMagick/ImageMagick/issues/656 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-12692 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-12692
01 Sep 2017 — The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. La función ReadVIFFImage en coders/viff.c de ImageMagick 7.0.6-6 permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria) mediante un archivo VIFF manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into open... • https://github.com/ImageMagick/ImageMagick/issues/653 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-12693 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-12693
01 Sep 2017 — The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. La función ReadBMPImage en coders/bmp.c de ImageMagick 7.0.6-6 permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria) mediante un archivo BMP manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a ... • https://github.com/ImageMagick/ImageMagick/issues/652 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-14060 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-14060
31 Aug 2017 — In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. En ImageMagick 7.0.6-10,existe una vulnerabilidad de desreferencia de puntero NULL en la función ReadCUTImage en coders/cut.c que podría permitir a un atacante provocar una denegación de servicio (en la función QueueAut... • https://github.com/ImageMagick/ImageMagick/issues/710 • CWE-476: NULL Pointer Dereference •