CVE-2017-17504
https://notcve.org/view.php?id=CVE-2017-17504
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. ImageMagick en versiones anteriores a la 7.0.7-12 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en coders/png.c Magick_png_read_raw_profile mediante un archivo manipulado, relacionado con ReadOneMNGImage. • https://github.com/ImageMagick/ImageMagick/issues/872 https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html https://usn.ubuntu.com/3681-1 https://www.debian.org/security/2017/dsa-4074 https://www.debian.org/security/2018/dsa-4204 • CWE-125: Out-of-bounds Read •
CVE-2017-16546
https://notcve.org/view.php?id=CVE-2017-16546
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. La función ReadWPGImage en coders/wpg.c en ImageMagick 7.0.7-9 no valida correctamente el índice de mapa de colores en una paleta WPG, lo que permite que atacantes remotos provoquen una denegación de servicio (uso de datos no inicializados o asignación de memoria no válida) o, posiblemente, causen otros impactos no especificados mediante un archivo WPG mal formada. • https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53 https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816 https://github.com/ImageMagick/ImageMagick/issues/851 https://usn.ubuntu.com/3681-1 https://www.debian.org/security/2017/dsa-4040 https://www.debian.org/security/2017/dsa-4074 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-15277
https://notcve.org/view.php?id=CVE-2017-15277
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. ReadGIFImage en coders/gif.c en ImageMagick 7.0.6-1 y GraphicsMagick 1.3.26 deja sin inicializar la paleta cuando se procesa un archivo GIF que no tiene ni una paleta global ni una local. Si el producto afectado se utiliza como una librería cargada en un proceso que opera en datos de interés, estos datos pueden filtrarse a veces mediante la paleta no inicializada. • https://github.com/hexrom/ImageMagick-CVE-2017-15277 https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5 https://github.com/ImageMagick/ImageMagick/issues/592 https://github.com/neex/gifoeb https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://usn.ubuntu.com/3681-1 https://usn.ubuntu.com/4232-1 https://www.debian.org/security/2017/dsa-4032 https://www.debian.org/security/2017/dsa-4040 https://www.debian.org/security/2018/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-15281
https://notcve.org/view.php?id=CVE-2017-15281
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." ReadPSDImage en coders/psd.c en ImageMagick 7.0.7-6 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de aplicación) o posiblemente produzca otro impacto no especificado mediante un archivo manipulado. Esto está relacionado con "Conditional jump or move depends on uninitialised value(s)". • http://www.securityfocus.com/bid/101276 https://github.com/ImageMagick/ImageMagick/issues/832 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://security.gentoo.org/glsa/201711-07 https://usn.ubuntu.com/3681-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-15217
https://notcve.org/view.php?id=CVE-2017-15217
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ImageMagick 7.0.7-2 tiene una fuga de memoria en ReadSGIImage en coders/sgi.c. • http://www.securityfocus.com/bid/101231 https://github.com/ImageMagick/ImageMagick/issues/759 https://usn.ubuntu.com/3681-1 • CWE-772: Missing Release of Resource after Effective Lifetime •