CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2019-11472 – ImageMagick: denial of service in ReadXWDImage in coders/xwd.c in the XWD image parsing component
https://notcve.org/view.php?id=CVE-2019-11472
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. ReadXWDImage en coders/xwd.c en el componente de análisis de imágenes XWD de ImageMagick 7.0.8-41 Q16 permite a los atacantes causar una denegación de servicio (error de división por cero) al crear un archivo de imagen XWD en el que el encabezado indica ni LSB primero ni MSB primero. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/issues/1546 https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/ • CWE-248: Uncaught Exception CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 2%CPEs: 1EXPL: 1CVE-2019-11470 – ImageMagick: denial of service in cineon parsing component
https://notcve.org/view.php?id=CVE-2019-11470
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. El componente de análisis de cineon en ImageMagick 7.0.8-26 Q16, permite a los atacantes provocar una denegación de servicio (consumo incontrolado de recursos) creando una imagen Cineon con un tamaño de imagen declarado incorrecto. Esto se debe a que ReadCINImage en coders/cin.c carece de una comprobación de datos de imagen insuficientes en un archivo. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/commit/e3cdce6fe12193f235b8c0ae5efe6880a25eb957 https://github.com/ImageMagick/ImageMagick/issues/1472 https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a https://github.com/ImageMagick/ImageMagick/issues/1495 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2019-10650 – ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
https://notcve.org/view.php?id=CVE-2019-10650
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función WriteTIFFImage de coders/tiff.c que permite al atacante provocar una denegación de servicio (DoS) o divulgación de información mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html http://www.securityfocus.com/bid/107646 https://github.com/ImageMagick/ImageMagick/issues/1532 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://seclists.org/bugtraq/2019/Apr/37 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2019/dsa-4436 https://access.redhat.com/security/cve/CVE-2019-10650& • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10649
https://notcve.org/view.php?id=CVE-2019-10649
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una vulnerabilidad de filtrado de memoria en la función SVGKeyValuePairs de coders/svg.c que permite al atacante provocar una denegación de servicio (DoS) mediante un archivo de imagen manipulado. • http://www.securityfocus.com/bid/107645 https://github.com/ImageMagick/ImageMagick/issues/1533 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 • CWE-401: Missing Release of Memory after Effective Lifetime •