CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1CVE-2016-5690
https://notcve.org/view.php?id=CVE-2016-5690
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. La función ReadDCMImage en DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican la instrucción por computación de la tabla de escalado de píxeles. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1CVE-2016-5691
https://notcve.org/view.php?id=CVE-2016-5691
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. El DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado al aprovechar la falta de validación de (1) pixel.red, (2) pixel.green y (3) pixel.blue. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 9%CPEs: 3EXPL: 1CVE-2016-5841
https://notcve.org/view.php?id=CVE-2016-5841
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable. Desbordamiento de entero en MagickCore/profile.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) o posiblemente ejecutar código arbitrario a través de vectores que implican a la variable offset. • http://www.openwall.com/lists/oss-security/2016/06/23/1 http://www.openwall.com/lists/oss-security/2016/06/25/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91394 https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2016-5842
https://notcve.org/view.php?id=CVE-2016-5842
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. • http://www.openwall.com/lists/oss-security/2016/06/23/1 http://www.openwall.com/lists/oss-security/2016/06/25/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91394 https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1 https://security.gentoo.org/glsa/201611-21 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2015-8895 – ImageMagick: Integer and buffer overflow in coders/icon.c
https://notcve.org/view.php?id=CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. Desbordamiento de entero en coders/icon.c en ImageMagick 6.9.1-3 y versiones posteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un valor de longitud manipulado, lo que desencadena un desbordamiento de búfer. • http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91025 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 https://access.redhat.com/security/cve/CVE-2015-8895 https://bugzilla.redhat.com/show_bug.cgi?id=1269553 • CWE-190: Integer Overflow or Wraparound •