CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27763
https://notcve.org/view.php?id=CVE-2020-27763
03 Dec 2020 — A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. Se encontró un fallo en ImageMagick en el archivo MagickCore/resize.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894682 • CWE-369: Divide By Zero •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27764 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27764
03 Dec 2020 — In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. En el archivo /MagickCore/s... • https://bugzilla.redhat.com/show_bug.cgi?id=1894683 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2016-7524
https://notcve.org/view.php?id=CVE-2016-7524
06 Feb 2020 — coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. El archivo coders/meta.c en ImageMagick permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) por medio de un archivo diseñado. • http://www.openwall.com/lists/oss-security/2016/09/22/2 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2016-7523
https://notcve.org/view.php?id=CVE-2016-7523
06 Feb 2020 — coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. El archivo coders/meta.c en ImageMagick permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) por medio de un archivo diseñado. • http://www.openwall.com/lists/oss-security/2016/09/22/2 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17547
https://notcve.org/view.php?id=CVE-2019-17547
14 Oct 2019 — In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. En ImageMagick versiones anteriores a 7.0.8-62, la función TraceBezier en el archivo MagickCore/draw.c presenta una vulnerabilidad de uso de la memoria previamente liberada. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-17541 – ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c
https://notcve.org/view.php?id=CVE-2019-17541
14 Oct 2019 — ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. ImageMagick versiones anteriores a 7.0.8-55, presenta una vulnerabilidad de uso de la memoria previamente liberada de la función DestroyStringInfo en el archivo MagickCore/string.c porque el administrador de errores es manejado inapropiadamente en el archivo coders/jpeg.c. ImageMagick is an image display and manipulation tool for the X Window System that can ... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-13137 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-13137
01 Jul 2019 — ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de fuga de memoria en la función ReadPSImage in coders/ps. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13136
https://notcve.org/view.php?id=CVE-2019-13136
01 Jul 2019 — ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de desbordamiento de enteros en la función TIFFSeekCustomStream in coders/tiff.c. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 21EXPL: 0CVE-2019-13135 – ImageMagick: a "use of uninitialized value" vulnerability in the function ReadCUTImage leading to a crash and DoS
https://notcve.org/view.php?id=CVE-2019-13135
01 Jul 2019 — ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de "use of uninitialized value" en la función ReadCUTImage in coders/cut.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-456: Missing Initialization of a Variable CWE-908: Use of Uninitialized Resource •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10131 – ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2019-10131
30 Apr 2019 — An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa. An off-by... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html • CWE-193: Off-by-one Error •