CVE-2016-5239 – ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection
https://notcve.org/view.php?id=CVE-2016-5239
The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91018 https://access.redhat.com/errata/RHSA-2016:1237 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://access.redhat.com/security/cve/CVE-2016-5239 https://bugzilla.redhat.com/show_bug.cgi?id=1334188 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVE-2015-8896 – ImageMagick: Integer truncation vulnerability in coders/pict.c
https://notcve.org/view.php?id=CVE-2015-8896
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. • http://www.openwall.com/lists/oss-security/2015/10/07/2 http://www.openwall.com/lists/oss-security/2015/10/08/3 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91027 https://access.redhat.com/errata/RHSA-2016:1237 https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803 https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14 •
CVE-2015-8898 – ImageMagick: Prevent NULL pointer access in magick/constitute.c
https://notcve.org/view.php?id=CVE-2015-8898
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. La función WriteImages en magick/constitu.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo de imagen manipulado. • http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91039 https://access.redhat.com/errata/RHSA-2016:1237 https://github.com/ImageMagick/ImageMagick/commit/5b4bebaa91849c592a8448bc353ab25a54ff8c44 https://github.com/ImageMagick/ImageMagick/pull/34 https://access.redhat.com/security/cve/CVE-2015-8898 https://bugzilla.redhat.com/show_bug.cgi?id=1344264 • CWE-476: NULL Pointer Dereference •
CVE-2015-8897 – ImageMagick: Crash due to out of bounds error in SpliceImage
https://notcve.org/view.php?id=CVE-2015-8897
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. La función SpliceImage en MagickCore/transform.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo png manipulado. • http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 http://www.openwall.com/lists/oss-security/2016/06/02/13 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/91030 https://access.redhat.com/errata/RHSA-2016:1237 https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231 https://access.redhat.com/security/cve/CVE-2015-8897 https://bugzilla.redhat.com/show_bug.cgi?id=1344271 • CWE-125: Out-of-bounds Read •
CVE-2016-4564
https://notcve.org/view.php?id=CVE-2016-4564
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en MagickCore/draw.c en ImageMagick en versiones anteriores a 6.9.4-0 y 7.x en versiones anteriores a 7.0.1-2 hace una llamada a una función incorrecta intentando localizar el siguiente token, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer y caída de aplicación) o posiblemente tener otro impacto no especificado a través de un archivo manipulado. • http://www.imagemagick.org/script/changelog.php http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •