CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 1CVE-2019-10650 – ImageMagick: heap-based buffer over-read in WriteTIFFImage of coders/tiff.c leads to denial of service or information disclosure via crafted image file
https://notcve.org/view.php?id=CVE-2019-10650
In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función WriteTIFFImage de coders/tiff.c que permite al atacante provocar una denegación de servicio (DoS) o divulgación de información mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html http://www.securityfocus.com/bid/107646 https://github.com/ImageMagick/ImageMagick/issues/1532 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://seclists.org/bugtraq/2019/Apr/37 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2019/dsa-4436 https://access.redhat.com/security/cve/CVE-2019-10650& • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10649
https://notcve.org/view.php?id=CVE-2019-10649
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file. En ImageMagick, en su versión 7.0.8-36 Q16, hay una vulnerabilidad de filtrado de memoria en la función SVGKeyValuePairs de coders/svg.c que permite al atacante provocar una denegación de servicio (DoS) mediante un archivo de imagen manipulado. • http://www.securityfocus.com/bid/107645 https://github.com/ImageMagick/ImageMagick/issues/1533 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2019-9956 – imagemagick: stack-based buffer overflow in function PopHexPixel in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-9956
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. Se ha encontrado una vulnerabilidad de desbordamiento de búfer basado en pila en ImageMagick 7.0.8-35 Q16 en la función PopHexPixel en coders/ps.c. Esta vulnerabilidad permite que los atacantes provoquen una denegación de servicio mediante un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00010.html http://www.securityfocus.com/bid/107546 http://www.securityfocus.com/bid/107672 https://github.com/ImageMagick/ImageMagick/issues/1523 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://seclists.org/bugtraq/2019/Apr/37 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2019/dsa-4436 https://a • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7175 – imagemagick: memory leak in function DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2019-7175
In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, hay fugas de memoria en DecodeImage en coders/pcd.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae https://github.com/ImageMagick/ImageMagick/issues/1450 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security/cve/CVE-2019-7175 https://bugzilla.redhat.com/show_bug.cgi?id=1687436 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7395
https://notcve.org/view.php?id=CVE-2019-7395
In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WritePSDChannel en coders/psd.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://www.securityfocus.com/bid/106850 https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06 https://github.com/ImageMagick/ImageMagick/issues/1451 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 • CWE-401: Missing Release of Memory after Effective Lifetime •