CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 2CVE-2017-15277
https://notcve.org/view.php?id=CVE-2017-15277
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. ReadGIFImage en coders/gif.c en ImageMagick 7.0.6-1 y GraphicsMagick 1.3.26 deja sin inicializar la paleta cuando se procesa un archivo GIF que no tiene ni una paleta global ni una local. Si el producto afectado se utiliza como una librería cargada en un proceso que opera en datos de interés, estos datos pueden filtrarse a veces mediante la paleta no inicializada. • https://github.com/hexrom/ImageMagick-CVE-2017-15277 https://github.com/ImageMagick/ImageMagick/commit/9fd10cf630832b36a588c1545d8736539b2f1fb5 https://github.com/ImageMagick/ImageMagick/issues/592 https://github.com/neex/gifoeb https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://usn.ubuntu.com/3681-1 https://usn.ubuntu.com/4232-1 https://www.debian.org/security/2017/dsa-4032 https://www.debian.org/security/2017/dsa-4040 https://www.debian.org/security/2018/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 0CVE-2017-15281
https://notcve.org/view.php?id=CVE-2017-15281
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." ReadPSDImage en coders/psd.c en ImageMagick 7.0.7-6 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de aplicación) o posiblemente produzca otro impacto no especificado mediante un archivo manipulado. Esto está relacionado con "Conditional jump or move depends on uninitialised value(s)". • http://www.securityfocus.com/bid/101276 https://github.com/ImageMagick/ImageMagick/issues/832 https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html https://security.gentoo.org/glsa/201711-07 https://usn.ubuntu.com/3681-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15217
https://notcve.org/view.php?id=CVE-2017-15217
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ImageMagick 7.0.7-2 tiene una fuga de memoria en ReadSGIImage en coders/sgi.c. • http://www.securityfocus.com/bid/101231 https://github.com/ImageMagick/ImageMagick/issues/759 https://usn.ubuntu.com/3681-1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15218
https://notcve.org/view.php?id=CVE-2017-15218
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. ImageMagick 7.0.7-2 tiene una fuga de memoria en ReadOneJNGImage en coders/png.c. • http://www.securityfocus.com/bid/101233 https://github.com/ImageMagick/ImageMagick/issues/760 https://usn.ubuntu.com/3681-1 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-15032
https://notcve.org/view.php?id=CVE-2017-15032
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. ImageMagick 7.0.7-2 tiene una vulnerabilidad de fuga de memoria en ReadYCBCRImage en coders/ycbcr.c. • https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0 https://usn.ubuntu.com/3681-1 • CWE-772: Missing Release of Resource after Effective Lifetime •