Page 6 of 31 results (0.013 seconds)

CVSS: 9.3EPSS: 2%CPEs: 24EXPL: 0

Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos inferiores de búfer basados en montículo en la función ReadPALMImage en coders/palm.c de GraphicsMagick before v1.2.3, permite a atacantes remotos provocar una denegación de servicio (caída) o posibilidad de ejecutar código de su elección a través de una imagen PALM manipulada, es un vulnerabilidad diferente a CVE-2007-0770. NOTA: Algunos de estos detalles se han obtenido de terceras personas. • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/palm.c http://secunia.com/advisories/30549 http://sourceforge.net/project/shownotes.php?release_id=604837 http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485 http://www.securityfocus.com/bid/29583 https://exchange.xforce.ibmcloud.com/vulnerabilities/42904 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 7%CPEs: 20EXPL: 0

Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en montículo en la función DecodeImage de coders/pict.c de GraphicsMagick anterior a v1.1.14 y v1.2.x anterior a v1.2.3; permite a atacantes remotos provocar una denegación de servicio (caída) o puede que ejecutar código de su elección a través de una imagen PICT manipulada. NOTA: algunos de los detalles se han obtenido de fuentes de terceros. • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pict.c http://secunia.com/advisories/30549 http://sourceforge.net/project/shownotes.php?release_id=604785 http://sourceforge.net/project/shownotes.php?release_id=604837 http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485 http://www.securityfocus.com/bid/29583 https://exchange.xforce.ibmcloud.com/vulnerabilities/42906 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 3%CPEs: 20EXPL: 0

Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images. Múltiples vulnerabilidades no especificadas en GraphicsMagick anterior a v1.1.14, y v1.2.x anterior a 1v.2.3, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores no especificados en (1) XCF y (2) imágenes CINEON. • http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xcf.c http://secunia.com/advisories/30549 http://sourceforge.net/project/shownotes.php?release_id=604785 http://sourceforge.net/project/shownotes.php?release_id=604837 http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485 http://www.securityfocus.com/bid/29583 •

CVSS: 5.0EPSS: 5%CPEs: 15EXPL: 0

Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. Múltiples vulnerabilidades sin especificar en GraphicsMAgick anterior a 1.2.4, permite a atacantes remotos provocar una denegación de servicio (caída, bucle infinito o consumo de memoria) a través de vectores no especificados en los decodificadores (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, y (9) TGA; y (b) la función GetImageCharacteristics en magick/image.c, desde un fichero (10) PNG, (11) JPEG, (12) BMP, o (13) TIFF manipulado. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://secunia.com/advisories/30879 http://secunia.com/advisories/32151 http://sourceforge.net/forum/forum.php?forum_id=841176 http://sourceforge.net/project/shownotes.php?release_id=610253 http://www.securityfocus.com/bid/30055 http://www.securitytracker.com/id?1020413 http://www.vupen.com/english/advisories/2008/1984/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43511 https://exchange.xforce.ibmcloud& • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 4%CPEs: 10EXPL: 1

The load_tile function in the XCF coder in coders/xcf.c in (1) ImageMagick 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly related to the ScaleCharToQuantum function. La función load_tile en el codificador XCF de coders/xcf.c en (1) ImageMagick 6.2.8-0 y (2) GraphicsMagick (también conocido como gm) 1.1.7 permite a atacantes remotos asistidos por usuarios provocar una denegación de servicio (caída) o prosiblemente ejecutar código de su elección a través de un archivo .xcf manipulado que dispara una escritura en el montículo fuera de rango, posiblemente relacionada con la función ScaleCharToQuantum. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414370 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://osvdb.org/43212 http://secunia.com/advisories/29786 http://secunia.com/advisories/30967 http://secunia.com/advisories/32945 http://secunia.com/advisories/36260 http://www.debian.org/security/2009/dsa-1858 http://www.mandriva.com/security/advisories?name=MDVSA-2008:099 http://www.redhat.com/support/errata/RHSA-2008-0145.html http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •