CVE-2017-17499
https://notcve.org/view.php?id=CVE-2017-17499
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. ImageMagick en versiones anteriores a la 6.9.9-24 y versiones 7.x anteriores a la 7.0.7-12 presenta un uso de memoria previamente liberada en Magick::Image::read en Magick++/lib/Image.cpp. • http://www.securityfocus.com/bid/102155 https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a https://usn.ubuntu.com/3681-1 https://www.debian.org/security/2017/dsa-4074 https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1 • CWE-416: Use After Free •
CVE-2017-17504
https://notcve.org/view.php?id=CVE-2017-17504
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. ImageMagick en versiones anteriores a la 7.0.7-12 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en coders/png.c Magick_png_read_raw_profile mediante un archivo manipulado, relacionado con ReadOneMNGImage. • https://github.com/ImageMagick/ImageMagick/issues/872 https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html https://usn.ubuntu.com/3681-1 https://www.debian.org/security/2017/dsa-4074 https://www.debian.org/security/2018/dsa-4204 • CWE-125: Out-of-bounds Read •
CVE-2017-16546
https://notcve.org/view.php?id=CVE-2017-16546
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. La función ReadWPGImage en coders/wpg.c en ImageMagick 7.0.7-9 no valida correctamente el índice de mapa de colores en una paleta WPG, lo que permite que atacantes remotos provoquen una denegación de servicio (uso de datos no inicializados o asignación de memoria no válida) o, posiblemente, causen otros impactos no especificados mediante un archivo WPG mal formada. • https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53 https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816 https://github.com/ImageMagick/ImageMagick/issues/851 https://usn.ubuntu.com/3681-1 https://www.debian.org/security/2017/dsa-4040 https://www.debian.org/security/2017/dsa-4074 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-15281
https://notcve.org/view.php?id=CVE-2017-15281
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." ReadPSDImage en coders/psd.c en ImageMagick 7.0.7-6 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de aplicación) o posiblemente produzca otro impacto no especificado mediante un archivo manipulado. Esto está relacionado con "Conditional jump or move depends on uninitialised value(s)". • http://www.securityfocus.com/bid/101276 https://github.com/ImageMagick/ImageMagick/issues/832 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://security.gentoo.org/glsa/201711-07 https://usn.ubuntu.com/3681-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-15217
https://notcve.org/view.php?id=CVE-2017-15217
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ImageMagick 7.0.7-2 tiene una fuga de memoria en ReadSGIImage en coders/sgi.c. • http://www.securityfocus.com/bid/101231 https://github.com/ImageMagick/ImageMagick/issues/759 https://usn.ubuntu.com/3681-1 • CWE-772: Missing Release of Resource after Effective Lifetime •