CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-7397 – ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
https://notcve.org/view.php?id=CVE-2019-7397
05 Feb 2019 — In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, y GraphicsMagick, hasta la versión 1.3.31, existen varias vulnerabilidades de fuga de memoria en WritePDFImage en coders/pdf.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker c... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20189 – Ubuntu Security Notice USN-5974-1
https://notcve.org/view.php?id=CVE-2018-20189
17 Dec 2018 — In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization. En GraphicsMagick 1.3.31, la función ReadDIBImage de coders/dib.c tiene una vulnerabilidad que permite un cierre inesperado y una denegación de servicio (DoS) mediante un archivo dib que está manipulado par... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2018-20184 – Ubuntu Security Notice USN-5974-1
https://notcve.org/view.php?id=CVE-2018-20184
17 Dec 2018 — In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification. En GraphicsMagick 1.4 snapshot-20181209 Q8, hay un desbordamiento de búfer basado en memoria dinámica (heap) en la función WriteTGAImage de tga.c, lo que permite que los atacantes provoquen una denegación... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20185 – Debian Security Advisory 4640-1
https://notcve.org/view.php?id=CVE-2018-20185
17 Dec 2018 — In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits. Hay una sobrelectura de búfer basada en memoria dinámica (heap) en GraphicsMagick 1.4 snapshot-20181209 Q8 en plataformas de 32 bits, en la función ReadBMPImage de bmp.c que permite que atacantes provoquen una den... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18544 – ImageMagick: memory leak in WriteMSLImage of coders/msl.c
https://notcve.org/view.php?id=CVE-2018-18544
21 Oct 2018 — There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Hay una fuga de memoria en la función WriteMSLImage en coders/msl.c en ImageMagick 7.0.8-13 Q16, así como en la función ProcessMSLScript de coders/msl.c en GraphicsMagick en versiones anteriores a la 1.3.31. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image format... • http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-9018 – Ubuntu Security Notice USN-5974-1
https://notcve.org/view.php?id=CVE-2018-9018
25 Mar 2018 — In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. En GraphicsMagick 1.3.28 hay una división entre cero en la fucnción ReadMNGImage en coders/png.c. Los atacantes remotos podrían aprovechar esta vulnerabilidad para provocar un cuerre inesperado y una denegación de servicio (DoS) mediante un archivo mng manipulado. It was discovered that GraphicsMagi... • http://www.securityfocus.com/bid/103526 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 1CVE-2017-18229 – Ubuntu Security Notice USN-4266-1
https://notcve.org/view.php?id=CVE-2017-18229
14 Mar 2018 — An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via a crafted file, because file size is not properly used to restrict scanline, strip, and tile allocations. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de error de asignación en la función ReadTIFFImage en coders/tiff.c, lo que permite que atacantes provoquen una de... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-18230
https://notcve.org/view.php?id=CVE-2017-18230
14 Mar 2018 — An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en la función ReadCINEONImage en coders/cineon.c, que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-18231
https://notcve.org/view.php?id=CVE-2017-18231
14 Mar 2018 — An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadEnhMetaFile in coders/emf.c, which allows attackers to cause a denial of service via a crafted file. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de desreferencia de puntero NULL en la función ReadEnhMetaFile en coders/emf.c, que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 1CVE-2017-18219
https://notcve.org/view.php?id=CVE-2017-18219
05 Mar 2018 — An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de error de asignación en la función ReadOnePNGImage en coders/png.c, lo que permite que atacantes provoquen una denegación de servicio (Do... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa • CWE-770: Allocation of Resources Without Limits or Throttling •