CVE-2019-11470 – ImageMagick: denial of service in cineon parsing component
https://notcve.org/view.php?id=CVE-2019-11470
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file. El componente de análisis de cineon en ImageMagick 7.0.8-26 Q16, permite a los atacantes provocar una denegación de servicio (consumo incontrolado de recursos) creando una imagen Cineon con un tamaño de imagen declarado incorrecto. Esto se debe a que ReadCINImage en coders/cin.c carece de una comprobación de datos de imagen insuficientes en un archivo. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html https://github.com/ImageMagick/ImageMagick/commit/e3cdce6fe12193f235b8c0ae5efe6880a25eb957 https://github.com/ImageMagick/ImageMagick/issues/1472 https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 https://github.com/ImageMagick/ImageMagick/commit/58d9c46929ca0828edde34d263700c3a5fe8dc3c https://github.com/ImageMagick/ImageMagick/commit/edc7d3035883ddca8413e4fe7689aa2e579ef04a https://github.com/ImageMagick/ImageMagick/issues/1495 • CWE-125: Out-of-bounds Read •
CVE-2019-10650 – ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
https://notcve.org/view.php?id=CVE-2019-10650
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función WriteTIFFImage de coders/tiff.c que permite al atacante provocar una denegación de servicio (DoS) o divulgación de información mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html http://www.securityfocus.com/bid/107646 https://github.com/ImageMagick/ImageMagick/issues/1532 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://seclists.org/bugtraq/2019/Apr/37 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2019/dsa-4436 https://access.redhat.com/security/cve/CVE-2019-10650& • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-10649
https://notcve.org/view.php?id=CVE-2019-10649
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una vulnerabilidad de filtrado de memoria en la función SVGKeyValuePairs de coders/svg.c que permite al atacante provocar una denegación de servicio (DoS) mediante un archivo de imagen manipulado. • http://www.securityfocus.com/bid/107645 https://github.com/ImageMagick/ImageMagick/issues/1533 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-9956 – imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-9956
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Se ha encontrado una vulnerabilidad de desbordamiento de búfer basado en pila en ImageMagick 7.0.8-35 Q16 en la función PopHexPixel en coders/ps.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html http://www.securityfocus.com/bid/107546 http://www.securityfocus.com/bid/107672 https://github.com/ImageMagick/ImageMagick/issues/1523 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://seclists.org/bugtraq/2019/Apr/37 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2019/dsa-4436 https://a • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •