Page 39 of 203 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. • http://www.openwall.com/lists/oss-security/2016/06/23/1 http://www.openwall.com/lists/oss-security/2016/06/25/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91394 https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b https://github.com/ImageMagick/ImageMagick/commits/7.0.2-1 https://security.gentoo.org/glsa/201611-21 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. El DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado al aprovechar la falta de validación de (1) pixel.red, (2) pixel.green y (3) pixel.blue. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91018 https://access.redhat.com/errata/RHSA-2016:1237 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://access.redhat.com/security/cve/CVE-2016-5239 https://bugzilla.redhat.com/show_bug.cgi?id=1334188 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 2%CPEs: 25EXPL: 0

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. • http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91027 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14 •

CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0

Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. Desbordamiento de entero en coders/icon.c en ImageMagick 6.9.1-3 y versiones posteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un valor de longitud manipulado, lo que desencadena un desbordamiento de búfer. • http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91025 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734 https://access.redhat.com/security/cve/CVE-2015-8895 https://bugzilla.redhat.com/show_bug.cgi?id=1269553 • CWE-190: Integer Overflow or Wraparound •