CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-17782 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-17782
20 Dec 2017 — In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. En GraphicsMagick 1.3.27a, hay una sobrelectura de búfer basada en memoria dinámica (heap) en ReadOneJNGImage en coders/png. c. Esto está relacionado con la asignación de chunks oFFs. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=8e3d2264109c • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17783
https://notcve.org/view.php?id=CVE-2017-17783
20 Dec 2017 — In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. En GraphicsMagick 1.3.27a, existe una sobrelectura de búfer en ReadPALMImage en coders/palm.c cuando QuantumDepth es 8. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=60932931559a • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17498
https://notcve.org/view.php?id=CVE-2017-17498
11 Dec 2017 — WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. WritePNMImage en coders/pnm.c en GraphicsMagick 1.3.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap en bit_stream.c MagickBitStreamMSBWrite y cierre inesperado de la aplicac... • http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17500 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-17500
11 Dec 2017 — ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. ReadRGBImage en coders/rgb.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified i... • http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2017-17501
https://notcve.org/view.php?id=CVE-2017-17501
11 Dec 2017 — WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. WriteOnePNGImage en coders/png.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17502
https://notcve.org/view.php?id=CVE-2017-17502
11 Dec 2017 — ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. ReadCMYKImage en coders/cmyk.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportCMYKQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2017-17503
https://notcve.org/view.php?id=CVE-2017-17503
11 Dec 2017 — ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. ReadGRAYImage en coders/gray.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportGrayQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2017-16669
https://notcve.org/view.php?id=CVE-2017-16669
09 Nov 2017 — coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. coders/wpg.c en GraphicsMagick 7.0.6 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de aplicación) o, probablemente, causen cualquier otro tip... • http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16547
https://notcve.org/view.php?id=CVE-2017-16547
06 Nov 2017 — The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en magick/render.c en GraphicsMagick 1.3.26 no busca correctamente palabras clave pop que estén asociadas a palabras clave push, lo que permite que atacantes remotos provoquen una de... • http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16545 – Ubuntu Security Notice USN-4248-1
https://notcve.org/view.php?id=CVE-2017-16545
05 Nov 2017 — The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. La función ReadWPGImage en coders/wpg.c en GraphicsMagick 1.3.26 no valida correctamente las imágenes cuyos colores corresponden a un mapa de color, lo que permite que atacantes remotos provoquen una denegació... • http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 • CWE-476: NULL Pointer Dereference •