CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20244 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20244
03 Mar 2021 — A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo MagickCore/visual-effects.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de divisió... • https://bugzilla.redhat.com/show_bug.cgi?id=1928959 • CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20246 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20246
03 Mar 2021 — A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo MagickCore/resample.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en el formulario de división matemática... • https://bugzilla.redhat.com/show_bug.cgi?id=1928941 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-20176 – Ubuntu Security Notice USN-7164-1
https://notcve.org/view.php?id=CVE-2021-20176
05 Feb 2021 — A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. Se encontró un fallo en ImageMagick en el archivo MagickCore/gem.c. Un atacante que envía un archivo diseñado que es procesado por ImageMagick podría desencadenar un comportamiento indefinido en la forma de una div... • https://bugzilla.redhat.com/show_bug.cgi?id=1916610 • CWE-369: Divide By Zero •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27769 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27769
22 Jan 2021 — In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. En ImageMagick versiones anteriores a 7.0.9-0, están fuera del rango de valores representables de tipo "float" en el archivo MagickCore/quantize.c An update that fixes 35 vulnerabilities is now available. This update for ImageMagick fixes the following issues. • https://bugzilla.redhat.com/show_bug.cgi?id=1894690 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27768 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27768
22 Jan 2021 — In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. En ImageMagick, se presenta fuera del rango representable un valor de tipo "unsigned int" en el archivo MagickCore/quantum-private.h. Este fallo afecta a ImageMagick versiones anteriores a 7.0.9-0 It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using Image... • https://bugzilla.redhat.com/show_bug.cgi?id=1894689 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27755 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27755
08 Dec 2020 — in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior... • https://bugzilla.redhat.com/show_bug.cgi?id=1894232 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27753 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27753
08 Dec 2020 — There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemo... • https://bugzilla.redhat.com/show_bug.cgi?id=1894229 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-27752 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27752
08 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum-private.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1894226 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-25667
https://notcve.org/view.php?id=CVE-2020-25667
08 Dec 2020 — TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0. La función TIFFGetProfiles() en el archivo /coders/tiff.c llama a la funci... • https://bugzilla.redhat.com/show_bug.cgi?id=1891613 • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-25666 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-25666
08 Dec 2020 — There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. • https://bugzilla.redhat.com/show_bug.cgi?id=1891612 • CWE-190: Integer Overflow or Wraparound •