CVE-2010-4167 – ImageMagick: configuration files read from $CWD may allow arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-4167
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en configure.c de ImageMagick anterior a v6.6.5-5, cuando está definido MAGICKCORE_INSTALLED_SUPPORT, permite a usuarios locales aumentar sus privilegios mediante un fichero de configuración de un troyano en el directorio de trabajo actual. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052515.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052599.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://secunia.com/advisories/42497 http://secunia.com/advisories/42744 http://secunia.com/advisories/48100 http://secunia.com/advisories/49063 http://www.imagemagick.org/script/changelog.php http://www.openwall.com/ •
CVE-2007-4988 – Integer overflow in ImageMagick's DIB coder
https://notcve.org/view.php?id=CVE-2007-4988
Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. Error de extensión de signo en la función ReadDIBImage de ImageMagick versiones anteriores a 6.3.5-9 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante un valor de ancho manipulado en un fichero de imagen, que dispara un desbordamiento de entero y un desbordamiento de búfer basado en pila. • http://bugs.gentoo.org/show_bug.cgi?id=186030 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=597 http://secunia.com/advisories/26926 http://secunia.com/advisories/27048 http://secunia.com/advisories/27309 http://secunia.com/advisories/27364 http://secunia.com/advisories/27439 http://secunia.com/advisories/28721 http://secunia.com/advisories/29786 http://secunia.com/advisories/36260 http://security.gentoo.org/glsa/glsa-200710-27.xml http://studio.imagem • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types •
CVE-2006-3744
https://notcve.org/view.php?id=CVE-2006-3744
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. Múltiples desbordamientos de entero en ImageMagick anterior a 6.2.9 permiten a atacantes con la intervención del usuario ejecutar código de su elección mediante imágenes Sun Rasterfile (bitmap) manipuladas que provocan desbordamientos de búfer basado en montón. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=144854 http://secunia.com/advisories/21615 http://secunia.com/advisories/21621 http://secunia.com/advisories/21671 http://secunia.com/advisories/21679 http://secunia.com/advisories/21719 http://secunia.com/advisories/21780 http://secunia.com/advisories/21832 http://secunia.com/advisories/22036 http://secunia.com/advisories/22096 http://security.gentoo.org/glsa& • CWE-189: Numeric Errors •
CVE-2005-3582
https://notcve.org/view.php?id=CVE-2005-3582
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. • http://secunia.com/advisories/17427 http://www.gentoo.org/security/en/glsa/glsa-200511-02.xml http://www.osvdb.org/20528 http://www.securityfocus.com/bid/15120 http://www.vupen.com/english/advisories/2005/2281 •
CVE-2005-0397
https://notcve.org/view.php?id=CVE-2005-0397
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications. • http://bugs.gentoo.org/show_bug.cgi?id=83542 http://marc.info/?l=bugtraq&m=110987256010857&w=2 http://www.debian.org/security/2005/dsa-702 http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html http://www.redhat.com/support/errata/RHSA-2005-070.html http://www.redhat.com/support/errata/RHSA-2005-320.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19586 https://oval.cisecurity.org/ •