CVSS: 5.5EPSS: 1%CPEs: 5EXPL: 0CVE-2015-8808
https://notcve.org/view.php?id=CVE-2015-8808
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. La función DecodeImage en coders/gif.c en GraphicsMagick 1.3.18 permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de un archivo GIF manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html http://marc.info/?l=graphicsmagick-commit&m=142283721604323&w=2 http://www.debian.org/security/2016/dsa-3746 http://www.openwall.com/lists/oss-security/2016/02/06/1 http://www.openwall.com/lists/oss-security/2016/02/06/3 http://www.securityfocus.com/bid/83058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5240 – ImageMagick: SVG converting issue resulting in DoS
https://notcve.org/view.php?id=CVE-2016-5240
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file. La función DrawDashPolygon en magick/render.c en GraphicsMagick en versiones anteriores a 1.3.24 y el SVG renderer en ImageMagick permiten a atacantes remotos provocar una denegación de servicio (bucle infinito) convirtiendo un archivo SVG definido circularmente. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=ddc999ec896c http://www.debian.org/security/2016/dsa-3746 http://www.graphicsmagick.org/ChangeLog-2016.html http://www.openwall.com/lists/oss-security/2016/05/01/4 http://www.openwall.com/lists/oss-security/2016/05/01/6 http://www.openwall.com/lists/oss-security/2016/06/02/14 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/89348 https://acce • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 74%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 http://hg.code.sf.net/p/graphicsmagick/code/file/41876934e762/ChangeLog http://hg.code.sf.net/p/graphicsmagick/code/rev/ae3928faa858 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg0002 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 1%CPEs: 44EXPL: 2CVE-2013-4589
https://notcve.org/view.php?id=CVE-2013-4589
The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. La función ExportAlphaQuantumType en export.c de GraphicsMagick anterior a la versión 1.3.18 podría permitir a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con la exportación de alpha de una imagen RGBA de 8-bit. • http://lists.fedoraproject.org/pipermail/package-announce/2013-November/120008.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00032.html http://secunia.com/advisories/55288 http://secunia.com/advisories/55721 http://security.gentoo.org/glsa/glsa-201311-10.xml http://sourceforge.net/p/graphicsmagick/code/ci/1a2d7a38363f7f23b63d626887d22d39c7240144 http://sourceforge.net/p/graphicsmagick/discussion/250737/thread/20888e8b http://www.openwall.com/lists/oss-security/2013/11/15/14 http:&#x •
CVSS: 4.3EPSS: 3%CPEs: 1EXPL: 1CVE-2012-3438
https://notcve.org/view.php?id=CVE-2012-3438
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. La función Magick_png_malloc en coders/png.c en GraphicsMagick v6.7.8-6 no utiliza adecuadamente el tipo de variable para el tamaño de en memoria, lo cual podría permitir a atacantes remotos causar una denegación de servicio (caída) a través de un fichero PNG manipulado que realiza una asignación de memoria incorrecta. • http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2 http://lists.opensuse.org/opensuse-updates/2013-03/msg00102.html http://secunia.com/advisories/50090 http://www.mandriva.com/security/advisories?name=MDVSA-2012:165 http://www.securityfocus.com/bid/54716 https://bugzilla.redhat.com/show_bug.cgi?id=844105 https://exchange.xforce.ibmcloud.com/vulnerabilities/77259 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •