CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2012-0259 – ImageMagick: Out-of heap-based buffer read by processing crafted JPEG EXIF header tag value
https://notcve.org/view.php?id=CVE-2012-0259
05 Jun 2012 — The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. La función GetEXIFProperty en magick/property.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un valor cero en el número de componentes de una etiqueta EXIF Xresolution en un archiv... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 17EXPL: 0CVE-2012-0260 – ImageMagick: excessive CPU use DoS by processing JPEG images with crafted restart markers
https://notcve.org/view.php?id=CVE-2012-0260
05 Jun 2012 — The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. La función de JPEGWarningHandler en coders/jpeg.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una imagen JPEG con una secuencia de marcadores de reinicio hecha a mano. Aleksis Kauppinen, Joonas Kuorilehto and Tuoma... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 0CVE-2012-1610
https://notcve.org/view.php?id=CVE-2012-1610
05 Jun 2012 — Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. Desbordamiento de entero en la función GetEXIFProperty en la magick/property.c en ImageMagick antes de v6.7.6-4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera ... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2012-1798 – ImageMagick: Out-of-bounds buffer read by copying image bytes for TIFF images with crafted TIFF EXIF IFD value
https://notcve.org/view.php?id=CVE-2012-1798
05 Jun 2012 — The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. La función de TIFFGetEXIFProperties en coders/tiff.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites y caída de la aplicación) a través de un IFD EXIF modificado en una imagen TIFF. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2012-1185 – Gentoo Linux Security Advisory 201405-09
https://notcve.org/view.php?id=CVE-2012-1185
05 Jun 2012 — Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Múltiples desbordamientos de enteros en (1) Magick/profile.c o (2) magick/property.c de ImageMagick v6.7.5 y anteriores permite a atac... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-1186 – Gentoo Linux Security Advisory 201405-09
https://notcve.org/view.php?id=CVE-2012-1186
05 Jun 2012 — Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. Un desbordamiento de entero en la función SyncImageProfiles en profile.c en ImageMagick v6.7.5-8 y anteriores permite a atacantes remotos causar una denegación de servicio (por un bucle infinito) a través de las ... • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.3EPSS: 0%CPEs: 326EXPL: 0CVE-2010-4167 – ImageMagick: configuration files read from $CWD may allow arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-4167
22 Nov 2010 — Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en configure.c de ImageMagick anterior a v6.6.5-5, cuando está definido MAGICKCORE_INSTALLED_SUPPORT, permite a usuarios locales aumentar sus privilegios mediante un fichero de configuración de un troyano en el directorio de t... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601824 •
CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 0CVE-2009-1882 – GraphicsMagick: Integer overflow in the routine creating X11 images
https://notcve.org/view.php?id=CVE-2009-1882
02 Jun 2009 — Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. Desbordamiento de entero en la función XMakeImage en magick/xwindow.c en ImageMagick v6.5.2-8 permite a atacantes remotos producir una denegación de servicio (caída) y posibleme... • http://imagemagick.org/script/changelog.php • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 9%CPEs: 10EXPL: 1CVE-2008-1096 – Out of bound write in ImageMagick's XCF coder
https://notcve.org/view.php?id=CVE-2008-1096
05 Mar 2008 — The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. La función load_tile en el codificador XCF de coders/xcf.c en (1) ImageMagick 6.2.8-0 y (2) GraphicsMagick (también conocido como gm) 1.1.7 permite a atacantes r... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 7%CPEs: 10EXPL: 1CVE-2008-1097 – Memory corruption in ImageMagick's PCX coder
https://notcve.org/view.php?id=CVE-2008-1097
05 Mar 2008 — Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. Desbordamiento de búfer basado en montículo en la función ReadPCXImage del codificador PCX de coders/pcx.c en (1) Im... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034 • CWE-399: Resource Management Errors •