Page 54 of 278 results (0.005 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595 http://secunia.com/advisories/21719 http://secunia.com/advisories/24186 http://secunia.com/advisories/24284 http://www.debian.org/security/2006/dsa-1168 http://www.redhat.com/support/errata/RHSA-2007-0015.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9481 https://access.redhat.com/security/cve/CVE-2006-2 •

CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 1

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://rhn.redhat.com/errata/RHSA-2006-0178.html http://secunia.com/advisories/18261 http://secunia.com/advisories/18607 http://secunia.com/advisories/18851 http://secunia.com/advisories/18871 http://secunia.com/advisories/19030 http://secunia.com/advisories/19183 http://secunia.com/advisories/19408 http://secunia.com/advisories/22998 http:/ • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1

The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345238 http://rhn.redhat.com/errata/RHSA-2006-0178.html http://secunia.com/advisories/18261 http://secunia.com/advisories/18607 http://secunia.com/advisories/18631 http://secunia.com/advisories/18871 http://secunia.com/advisories/19183 http://secunia.com/advisories/19408 http://secunia.com/advisories/23090 http://secunia.com/advisories/28800 http:/ •

CVSS: 7.2EPSS: 0%CPEs: 58EXPL: 0

ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime. • http://secunia.com/advisories/17427 http://www.gentoo.org/security/en/glsa/glsa-200511-02.xml http://www.osvdb.org/20528 http://www.securityfocus.com/bid/15120 http://www.vupen.com/english/advisories/2005/2281 •

CVSS: 5.0EPSS: 3%CPEs: 43EXPL: 1

The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. • http://bugs.gentoo.org/show_bug.cgi?id=90423 http://secunia.com/advisories/15429 http://secunia.com/advisories/15446 http://secunia.com/advisories/15453 http://security.gentoo.org/glsa/glsa-200505-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:107 http://www.osvdb.org/16774 http://www.osvdb.org/16775 http://www.redhat.com/support/errata/RHSA-2005-480.html http://www.securityfocus.com/bid/13705 https://oval.cisecurity.org/repository/search/defini •