CVE-2019-7397 – ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
https://notcve.org/view.php?id=CVE-2019-7397
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, y GraphicsMagick, hasta la versión 1.3.31, existen varias vulnerabilidades de fuga de memoria en WritePDFImage en coders/pdf.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://www.securityfocus.com/bid/106847 https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82 https://github.com/ImageMagick/ImageMagick/issues/1454 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2018-18544 – ImageMagick: memory leak in WriteMSLImage of coders/msl.c
https://notcve.org/view.php?id=CVE-2018-18544
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Hay una fuga de memoria en la función WriteMSLImage en coders/msl.c en ImageMagick 7.0.8-13 Q16, así como en la función ProcessMSLScript de coders/msl.c en GraphicsMagick en versiones anteriores a la 1.3.31. • http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html https://github.com/ImageMagick/ImageMagick/issues/1360 https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2018-18544 https://bugzilla.redhat.com/show_bug.cgi?id=1642614 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-6799
https://notcve.org/view.php?id=CVE-2018-6799
The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. La función AcquireCacheNexus en magick/pixel_cache.c en GraphicsMagick en versiones anteriores a la 1.3.28 permite que los atacantes remotos provoquen una denegación de servicio (sobrescritura de memoria dinámica o heap) o posiblemente provoquen otro impacto no especificado mediante un archivo de imagen manipulado, dado que no se utiliza un área de pixelado. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3 http://www.securityfocus.com/bid/102981 https://lists.debian.org/debian-lts-announce/2018/02/msg00017.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://www.debian.org/security/2018 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10800
https://notcve.org/view.php?id=CVE-2017-10800
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. Cuando GraphicsMagick 1.3.25 procesa una imagen MATLAB en coders/mat.c, puede ocurrir una denegación de servicio (OOM) en ReadMATImage() si el tamaño especificado para un objeto MAT es más grande que la cantidad real de datos. • http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012 http://www.securityfocus.com/bid/99356 https://www.debian.org/security/2018/dsa-4321 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-10799
https://notcve.org/view.php?id=CVE-2017-10799
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). Cuando GraphicsMagick 1.3.25 procesa una imagen DPX (con metadatos que indican un gran ancho) en coders/dpx.c, puede ocurrir una denegación de servicio (OOM) en ReadDPXImage(). • http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62 http://www.securityfocus.com/bid/99358 https://lists.debian.org/debian-lts-announce/2019/04/msg00015.html https://usn.ubuntu.com/4206-1 https://www.debian.org/security/2018/dsa-4321 • CWE-400: Uncontrolled Resource Consumption •