
CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

05 Feb 2021 — A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a div... • https://bugzilla.redhat.com/show_bug.cgi?id=1916610 • CWE-369: Divide By Zero •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Dec 2020 — In SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior... • https://bugzilla.redhat.com/show_bug.cgi?id=1894232 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Dec 2020 — There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemo... • https://bugzilla.redhat.com/show_bug.cgi?id=1894229 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. • https://bugzilla.redhat.com/show_bug.cgi?id=1894226 • CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Dec 2020 — TIFFGetProfiles() in /coders/tiff.c calls strstr(), which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\""` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. • https://bugzilla.redhat.com/show_bug.cgi?id=1891613 • CWE-122: Heap-based Buffer Overflow •

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Dec 2020 — In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68. • https://bugzilla.redhat.com/show_bug.cgi?id=1891605 • CWE-122: Heap-based Buffer Overflow •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Dec 2020 — A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions pri... • https://bugzilla.redhat.com/show_bug.cgi?id=1891601 • CWE-416: Use After Free •

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Dec 2020 — There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. • https://bugzilla.redhat.com/show_bug.cgi?id=1891612 • CWE-190: Integer Overflow or Wraparound •

CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Dec 2020 — In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pi... • https://bugzilla.redhat.com/show_bug.cgi?id=1891933 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Dec 2020 — In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range values and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to sup... • https://bugzilla.redhat.com/show_bug.cgi?id=1891934 • CWE-190: Integer Overflow or Wraparound •