CVE-2018-17967 – ImageMagick: memory leak in ReadBGRImage in coders/bgr.c.
https://notcve.org/view.php?id=CVE-2018-17967
ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en ReadBGRImage en coders/bgr.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17967 https://github.com/ImageMagick/ImageMagick/issues/1051 https://access.redhat.com/security/cve/CVE-2018-17967 https://bugzilla.redhat.com/show_bug.cgi?id=1636590 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-17965
https://notcve.org/view.php?id=CVE-2018-17965
ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage in coders/sgi.c. ImageMagick 7.0.7-28 tiene una vulnerabilidad de fuga de memoria en WriteSGIImage en coders/sgi.c. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-17965 https://github.com/ImageMagick/ImageMagick/issues/1052 https://usn.ubuntu.com/4034-1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-16750 – ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2018-16750
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. En ImageMagick 7.0.7-29 y anteriores, se ha encontrado una fuga de memoria en la función formatIPTCfromBuffer en coders/meta.c. • http://www.securityfocus.com/bid/108492 https://github.com/ImageMagick/ImageMagick/issues/1118 https://usn.ubuntu.com/3785-1 https://access.redhat.com/security/cve/CVE-2018-16750 https://bugzilla.redhat.com/show_bug.cgi?id=1627917 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-16749 – ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2018-16749
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. En ImageMagick 7.0.7-29 y anteriores, la falta de una comprobación NULL en ReadOneJNGImage en coders/png.c permite que un atacante provoque una denegación de servicio (fallo de aserción en WriteBlob y salida de la aplicación) mediante un archivo manipulado. • https://github.com/ImageMagick/ImageMagick/issues/1119 https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4 https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://usn.ubuntu.com/3785-1 https://access.redhat.com/security/cve/CVE-2018-16749 https://bugzilla.redhat.com/show_bug.cgi?id=1627916 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •
CVE-2018-16644 – ImageMagick: improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c
https://notcve.org/view.php?id=CVE-2018-16644
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. Hay una falta de comprobaciones de longitud en las funciones ReadDCMImage de coders/dcm.c y ReadPICTImage de coders/pict.c en ImageMagick 7.0.8-11, lo que permite que los atacantes remotos provoquen una denegación de servicio (DoS) mediante una imagen manipulada. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00006.html https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7 https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135 https://github.com/ImageMagick/ImageMagick/issues/1269 https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html https://usn.ubuntu.com/3785-1 https://usn.ubuntu.com/4034-1 https://www.debian.org/security/2018/dsa-4316 https://access.redhat.com/securi • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •