CVE-2018-16323 – ImageMagick - Memory Leak
https://notcve.org/view.php?id=CVE-2018-16323
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. ImageMagick versions prior to 7.0.8-9 suffer from a memory leak vulnerability.
• https://www.exploit-db.com/exploits/45890 https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786 https://usn.ubuntu.com/3785-1 https://usn.ubuntu.com/4034-1
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-15607 – ImageMagick: CPU Exhaustion via crafted input file
https://notcve.org/view.php?id=CVE-2018-15607
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
• http://www.securityfocus.com/bid/105137 https://github.com/ImageMagick/ImageMagick/issues/1255 https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2018-15607 https://bugzilla.redhat.com/show_bug.cgi?id=1622738
• CWE-400: Uncontrolled Resource Consumption
CVE-2018-14551
https://notcve.org/view.php?id=CVE-2018-14551
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
• https://github.com/ImageMagick/ImageMagick/issues/1221 https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/3785-1
• CWE-787: Out-of-bounds Write
• CWE-908: Use of Uninitialized Resource
CVE-2018-14435 – ImageMagick: memory leak in DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2018-14435
ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
• https://github.com/ImageMagick/ImageMagick/issues/1193 https://usn.ubuntu.com/3785-1 https://access.redhat.com/security/cve/CVE-2018-14435 https://bugzilla.redhat.com/show_bug.cgi?id=1609936
• CWE-400: Uncontrolled Resource Consumption
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2018-14434 – ImageMagick: memory leak for a colormap in WriteMPCImage in coders/mpc.c
https://notcve.org/view.php?id=CVE-2018-14434
ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
• https://github.com/ImageMagick/ImageMagick/issues/1192 https://usn.ubuntu.com/3785-1 https://usn.ubuntu.com/4034-1 https://access.redhat.com/security/cve/CVE-2018-14434 https://bugzilla.redhat.com/show_bug.cgi?id=1609933
• CWE-400: Uncontrolled Resource Consumption
• CWE-772: Missing Release of Resource after Effective Lifetime