CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 1CVE-2016-5689
https://notcve.org/view.php?id=CVE-2016-5689
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. El DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado aprovechando la falta de validación de punteros NULL. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1CVE-2016-5690
https://notcve.org/view.php?id=CVE-2016-5690
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table. La función ReadDCMImage en DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican la instrucción por computación de la tabla de escalado de píxeles. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2015-8895 – ImageMagick: Integer and buffer overflow in coders/icon.c
https://notcve.org/view.php?id=CVE-2015-8895
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. Desbordamiento de entero en coders/icon.c en ImageMagick 6.9.1-3 y versiones posteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un valor de longitud manipulado, lo que desencadena un desbordamiento de búfer. • http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91025 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 https://access.redhat.com/security/cve/CVE-2015-8895 https://bugzilla.redhat.com/show_bug.cgi?id=1269553 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 25EXPL: 0CVE-2015-8896 – ImageMagick: Integer truncation vulnerability in coders/pict.c
https://notcve.org/view.php?id=CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. • http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91027 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5239 – ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection
https://notcve.org/view.php?id=CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91018 https://access.redhat.com/errata/RHSA-2016:1237 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://access.redhat.com/security/cve/CVE-2016-5239 https://bugzilla.redhat.com/show_bug.cgi?id=1334188 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •