Page 52 of 285 results (0.019 seconds)

CVSS: 6.8EPSS: 4%CPEs: 10EXPL: 1

The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. La función load_tile en el codificador XCF de coders/xcf.c en (1) ImageMagick 6.2.8-0 y (2) GraphicsMagick (también conocido como gm) 1.1.7 permite a atacantes remotos asistidos por usuarios provocar una denegación de servicio (caída) o prosiblemente ejecutar código de su elección a través de un archivo .xcf manipulado que dispara una escritura en el montículo fuera de rango, posiblemente relacionada con la función ScaleCharToQuantum. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://osvdb.org/43212 http://secunia.com/advisories/29786 http://secunia.com/advisories/30967 http://secunia.com/advisories/32945 http://secunia.com/advisories/36260 http://www.debian.org/security/2009/dsa-1858 http://www.mandriva.com/security/advisories?name=MDVSA-2008:099 http://www.redhat.com/support/errata/RHSA-2008-0145.html http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 2%CPEs: 10EXPL: 1

Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption. Desbordamiento de búfer basado en montículo en la función ReadPCXImage del codificador PCX de coders/pcx.c en (1) ImageMagick 6.2.4-5 y 6.2.8-0 y (2) GraphicsMagick (también conocido como gm) 1.1.7 permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio (caída) o posiblemente ejecutar código de su elección a través del fichero .pcx que dispara una asignación incorrecta de memoria para el array scanline, provocando corrupción de memoria. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://osvdb.org/43213 http://secunia.com/advisories/29786 http://secunia.com/advisories/29857 http://secunia.com/advisories/30967 http://secunia.com/advisories/36260 http://secunia.com/advisories/55721 http://security.gentoo.org/glsa/glsa-201311-10.xml http://www.debian.org/security/2009/dsa-1858 http://www.mandriva.com/security/advisories?n • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 0%CPEs: 57EXPL: 1

Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. Error de superación de límite (off-by-one) en la función ReadBlobString en blob.c de ImageMagick versiones anteriores a 6.3.5-9 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante un fichero de imagen manipulado, que dispara la escritura de un caracter '\0' en una dirección fuera de límites. • http://bugs.gentoo.org/show_bug.cgi?id=186030 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 http://secunia.com/advisories/26926 http://secunia.com/advisories/27048 http://secunia.com/advisories/27309 http://secunia.com/advisories/27364 http://secunia.com/advisories/27439 http://secunia.com/advisories/28721 http://secunia.com/advisories/36260 http://security.gentoo.org/glsa/glsa-200710-27.xml http://studio.imagemagick.org/pipermail/magick-announce/2007- • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 1%CPEs: 57EXPL: 0

Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en ImageMagick versiones anteriores a 6.3.5-9 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante un fichero de imagen (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, ó (5) .xwd que dispara un desbordamiento de búfer basado en pila. • http://bugs.gentoo.org/show_bug.cgi?id=186030 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=594 http://secunia.com/advisories/26926 http://secunia.com/advisories/27048 http://secunia.com/advisories/27309 http://secunia.com/advisories/27364 http://secunia.com/advisories/27439 http://secunia.com/advisories/28721 http://secunia.com/advisories/29786 http://secunia.com/advisories/29857 http://secunia.com/advisories/35316 http://secunia.com/advisories/36260 h • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 4.3EPSS: 5%CPEs: 57EXPL: 0

ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. ImageMagick versiones anteriores a 6.3.5-9 permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio mediante un fichero de imagen manipulado que dispara (1) un bucle infinito en la función ReadDCMImage, relativo a llamadas a la función ReadBlobByte; ó (2) un bucle infinito en la función ReadXCFImage, relativo a llamadas a la función ReadBlobMSBLong. • http://bugs.gentoo.org/show_bug.cgi?id=186030 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=596 http://secunia.com/advisories/26926 http://secunia.com/advisories/27048 http://secunia.com/advisories/27309 http://secunia.com/advisories/27364 http://secunia.com/advisories/27439 http://secunia.com/advisories/28721 http://secunia.com/advisories/29786 http://secunia.com/advisories/29857 http://secunia.com/advisories/36260 http://security.gentoo.org/glsa/glsa& • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •