CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2016-5842 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-5842
26 Aug 2016 — MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. MagickCore/property.c en ImageMagick en versiones anteriores a 7.0.2-1 permite a atacantes remotos obtener información de memoria sensible a través de vectores que implican a la variable q, lo que desencadena una lectura fuera de límites. handling problems and cases of missing or incomplete input sanitising may result i... • http://www.openwall.com/lists/oss-security/2016/06/23/1 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 2CVE-2016-6491 – Gentoo Linux Security Advisory 201611-21
https://notcve.org/view.php?id=CVE-2016-6491
26 Aug 2016 — Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image. Desbordamiento de búfer en la función Get8BIMProperty en MagickCore/property.c en ImageMagick en versiones anteriores a 6.9.5-4 y 7.x en versiones anteriores a 7.0.2-6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites, fuga de ... • http://www.openwall.com/lists/oss-security/2016/07/28/13 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8898 – ImageMagick: Prevent NULL pointer access in magick/constitute.c
https://notcve.org/view.php?id=CVE-2015-8898
17 Jun 2016 — The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. La función WriteImages en magick/constitu.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo de imagen manipulado. ImageMagick is an image display and manipulation tool for the X Window System that can read and wr... • http://www.openwall.com/lists/oss-security/2016/06/02/13 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5239 – ImageMagick,GraphicsMagick: Gnuplot delegate vulnerability allowing command injection
https://notcve.org/view.php?id=CVE-2016-5239
17 Jun 2016 — The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. La funcionalidad de delegación gnuplot en ImageMagick en versiones anteriores a 6.9.4-0 y GraphicsMagick permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attack... • http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 2%CPEs: 25EXPL: 0CVE-2015-8896 – ImageMagick: Integer truncation vulnerability in coders/pict.c
https://notcve.org/view.php?id=CVE-2015-8896
17 Jun 2016 — Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. Problema de truncamiento de entero en coders/pict.c en ImageMagick en versiones anteriores a 7.0.5-0 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo .pict manipulado. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple... • http://www.openwall.com/lists/oss-security/2015/10/07/2 •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2015-8895 – ImageMagick: Integer and buffer overflow in coders/icon.c
https://notcve.org/view.php?id=CVE-2015-8895
17 Jun 2016 — Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. Desbordamiento de entero en coders/icon.c en ImageMagick 6.9.1-3 y versiones posteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un valor de longitud manipulado, lo que desencadena un desbordamiento de búfer. ImageMagick is an image display and mani... • http://www.openwall.com/lists/oss-security/2016/06/02/13 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8897 – ImageMagick: Crash due to out of bounds error in SpliceImage
https://notcve.org/view.php?id=CVE-2015-8897
17 Jun 2016 — The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file. La función SpliceImage en MagickCore/transform.c en ImageMagick en versiones anteriores a 6.9.2-4 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo png manipulado. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple ... • http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4563 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-4563
04 Jun 2016 — The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. La función TraceStrokePolygon en MagickCore/draw.c en ImageMagick en versiones anteriores a 6.9.4-0 y 7.x en versiones anteriores a 7.0.1-2 no maneja correctam... • http://www.imagemagick.org/script/changelog.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4562 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-4562
04 Jun 2016 — The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. La función DrawDashPolygon en MagickCore/draw.c en ImageMagick en versiones anteriores a 6.9.4-0 y 7.x en versiones anteriores a 7.0.1-2 no maneja correctamente los cálculos de ciertos vérti... • http://www.imagemagick.org/script/changelog.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4564 – Debian Security Advisory 3652-1
https://notcve.org/view.php?id=CVE-2016-4564
04 Jun 2016 — The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en MagickCore/draw.c en ImageMagick en versiones anteriores a 6.9.4-0 y 7.x en versiones anteriores a 7.0.1-2 hace una llamada a una función incorrecta intentan... • http://www.imagemagick.org/script/changelog.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •