Page 41 of 229 results (0.029 seconds)

CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 1

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. El DCM reader en ImageMagick en versiones anteriores a 6.9.4-5 y 7.x en versiones anteriores a 7.0.1-7 permite a atacantes remotos tener un impacto no especificado al aprovechar la falta de validación de (1) pixel.red, (2) pixel.green y (3) pixel.blue. • http://www.openwall.com/lists/oss-security/2016/06/14/5 http://www.openwall.com/lists/oss-security/2016/06/17/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91283 https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG%2C-DDS%2C-DCM.html https://github.com/ImageMagick/ImageMagick/blob/6.9.4-5/ChangeLog https://github.com/ImageMagick/ImageMagick/blob/7.0.1-7/ChangeLog https://gi • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91018 https://access.redhat.com/errata/RHSA-2016:1237 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://access.redhat.com/security/cve/CVE-2016-5239 https://bugzilla.redhat.com/show_bug.cgi?id=1334188 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 2%CPEs: 25EXPL: 0

Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. • http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91027 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14 •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. La función WriteImages en magick/constitu.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo de imagen manipulado. • http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91039 https://access.redhat.com/errata/RHSA-2016:1237 https://github.com/ImageMagick/ImageMagick/commit/5b4bebaa91849c592a8448bc353ab25a54ff8c44 https://github.com/ImageMagick/ImageMagick/pull/34 https://access.redhat.com/security/cve/CVE-2015-8898 https://bugzilla.redhat.com/show_bug.cgi?id=1344264 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. La función SpliceImage en MagickCore/transform.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo png manipulado. • http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91030 https://access.redhat.com/errata/RHSA-2016:1237 https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231 https://access.redhat.com/security/cve/CVE-2015-8897 https://bugzilla.redhat.com/show_bug.cgi?id=1344271 • CWE-125: Out-of-bounds Read •