CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 1CVE-2019-11005
https://notcve.org/view.php?id=CVE-2019-11005
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en pila en GraphicsMagick 1.4 snapshot-20190322 Q8 en la función SVGStartElement en coders/svg.c. Esta vulnerabilidad permitiría a un atacante remoto generar una condición de denegación de servicio (cierre de aplicación) o la posibilidad de tener un impacto no específico mediante el entrecomillado de valores de familias de fuentes. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00093.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00107.html https://sourceforge.net/p/graphicsmagick/bugs/600 https://usn.ubuntu.com/4207-1 https://www.debian.org/security/2020/dsa-4640 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-7397 – ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
https://notcve.org/view.php?id=CVE-2019-7397
In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, y GraphicsMagick, hasta la versión 1.3.31, existen varias vulnerabilidades de fuga de memoria en WritePDFImage en coders/pdf.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html http://www.securityfocus.com/bid/106847 https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82 https://github.com/ImageMagick/ImageMagick/issues/1454 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2020/dsa-4712 https://access.redhat.com/security&#x • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-18544 – ImageMagick: memory leak in WriteMSLImage of coders/msl.c
https://notcve.org/view.php?id=CVE-2018-18544
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Hay una fuga de memoria en la función WriteMSLImage en coders/msl.c en ImageMagick 7.0.8-13 Q16, así como en la función ProcessMSLScript de coders/msl.c en GraphicsMagick en versiones anteriores a la 1.3.31. • http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html https://github.com/ImageMagick/ImageMagick/issues/1360 https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2018-18544 https://bugzilla.redhat.com/show_bug.cgi?id=1642614 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •