Page 4 of 65 results (0.009 seconds)

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. Las funciones ReadOneJNGImage y ReadJNGImage en coders/png.c en GraphicsMagick 1.3.26 permiten que atacantes remotos provoquen una denegación de servicio (DoS) (uso de memoria previamente liberada en CloseBlob en magick/blob.c) u otro tipo de impacto sin especificar mediante un archivo manipulado. Este problema está relacionado con CVE-2017-11403. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f http://www.securityfocus.com/bid/103276 https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick&# • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted file that triggers an attempt at a large png_pixels array allocation. Se ha descubierto un problema en GraphicsMagick 1.3.26. Se ha encontrado una vulnerabilidad de error de asignación en la función ReadOnePNGImage en coders/png.c, lo que permite que atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado que desencadena un intento de asignación de un gran array png_pixels. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa http://www.securityfocus.com/bid/103258 https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick&# • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used. La función AcquireCacheNexus en magick/pixel_cache.c en GraphicsMagick en versiones anteriores a la 1.3.28 permite que los atacantes remotos provoquen una denegación de servicio (sobrescritura de memoria dinámica o heap) o posiblemente provoquen otro impacto no especificado mediante un archivo de imagen manipulado, dado que no se utiliza un área de pixelado. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3 http://www.securityfocus.com/bid/102981 https://lists.debian.org/debian-lts-announce/2018/02/msg00017.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://www.debian.org/security/2018&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. WriteOnePNGImage en coders/png.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4 http://www.securityfocus.com/bid/102185 https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsma • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. ReadGRAYImage en coders/gray.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportGrayQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/522 https://usn.ubuntu.com • CWE-125: Out-of-bounds Read •