CVE-2012-0260 – ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers
https://notcve.org/view.php?id=CVE-2012-0260
The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. La función de JPEGWarningHandler en coders/jpeg.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una imagen JPEG con una secuencia de marcadores de reinicio hecha a mano. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/48974 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://secunia.com/advisories/57224 http://www.cert.fi/en/reports/2012/vulnerability635606.html http://www.debian.org/security/2012 • CWE-400: Uncontrolled Resource Consumption •
CVE-2012-0247 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0247
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) y posiblemente ejecutar código de su elección a través de desplazamientos (offsets) modificados y contar valores en la etiqueta ResolutionUnit en el EXIF IFD0 de una imagen . • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-20: Improper Input Validation •
CVE-2012-0248 – ImageMagick: invalid validation of images denial of service
https://notcve.org/view.php?id=CVE-2012-0248
ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF. ImageMagick v6.7.5-7 y anteriores permite a atacantes remotos causar una denegación de servicio (bucle infinito y bloqueo) a través de una imagen hecha a mano, cuya IFD contiene etiquetas IOP que referencian al principio del IDF. • http://rhn.redhat.com/errata/RHSA-2012-0544.html http://rhn.redhat.com/errata/RHSA-2012-0545.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48247 http://secunia.com/advisories/48259 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49068 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability595210.html http://www.debian.org/security/2012/dsa-2427 http://www& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2010-4167 – ImageMagick: configuration files read from $CWD may allow arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-4167
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en configure.c de ImageMagick anterior a v6.6.5-5, cuando está definido MAGICKCORE_INSTALLED_SUPPORT, permite a usuarios locales aumentar sus privilegios mediante un fichero de configuración de un troyano en el directorio de trabajo actual. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052515.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052599.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://secunia.com/advisories/42497 http://secunia.com/advisories/42744 http://secunia.com/advisories/48100 http://secunia.com/advisories/49063 http://www.imagemagick.org/script/changelog.php http://www.openwall.com/ •
CVE-2008-1096 – Out of bound write in ImageMagick's XCF coder
https://notcve.org/view.php?id=CVE-2008-1096
The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. La función load_tile en el codificador XCF de coders/xcf.c en (1) ImageMagick 6.2.8-0 y (2) GraphicsMagick (también conocido como gm) 1.1.7 permite a atacantes remotos asistidos por usuarios provocar una denegación de servicio (caída) o prosiblemente ejecutar código de su elección a través de un archivo .xcf manipulado que dispara una escritura en el montículo fuera de rango, posiblemente relacionada con la función ScaleCharToQuantum. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://osvdb.org/43212 http://secunia.com/advisories/29786 http://secunia.com/advisories/30967 http://secunia.com/advisories/32945 http://secunia.com/advisories/36260 http://www.debian.org/security/2009/dsa-1858 http://www.mandriva.com/security/advisories?name=MDVSA-2008:099 http://www.redhat.com/support/errata/RHSA-2008-0145.html http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •