CVE-2017-15238
https://notcve.org/view.php?id=CVE-2017-15238
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. ReadOneJNGImage en coders/png.c en GraphicsMagick 1.3.26 tiene un problema de uso de memoria previamente liberada cuando el ancho o el alto es cero, relacionado con ReadJNGImage. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=93bdb9b30076 http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=df946910910d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/469 https://www.debian.org/security/2018/dsa-4321 • CWE-416: Use After Free •
CVE-2017-14997
https://notcve.org/view.php?id=CVE-2017-14997
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. GraphicsMagick 1.3.26 permite que los atacantes remotos provoquen una denegación de servicio (asignación excesiva de memoria) a causa de un subdesbordamiento de enteros en ReadPICTImage en coders/pict.c. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=0683f8724200 http://www.securityfocus.com/bid/101183 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/511 https://sourceforge.net/p/graphicsmagick/code • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2017-14994
https://notcve.org/view.php?id=CVE-2017-14994
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. ReadDCMImage en coders/dcm.c en GraphicsMagick 1.3.26 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante una imagen DICOM manipulada. Esta vulnerabilidad está relacionada con la capacidad de DCM_ReadNonNativeImages para proporcionar una lista de imágenes con frames con valor cero. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=b3eca3eaa264 http://www.securityfocus.com/bid/101182 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://nandynarwhals.org/CVE-2017-14994 https://sourceforge.net/p/graphicsmagick/bugs/512 http • CWE-476: NULL Pointer Dereference •
CVE-2017-14733
https://notcve.org/view.php?id=CVE-2017-14733
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. ReadRLEImage en coders/rle.c en GraphicsMagick 1.3.26 no gestiona correctamente las cabeceras RLE que especifican muy pocos colores. Esto permite que los atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap y cierre inesperado de la aplicación) mediante un archivo manipulado. • http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=5381c71724e3 https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/458 https://usn.ubuntu.com/4232-1 https://www.debian.org/security/2018/dsa-4321 • CWE-125: Out-of-bounds Read •
CVE-2017-14649
https://notcve.org/view.php?id=CVE-2017-14649
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). ReadOneJNGImage en coders/png.c en GraphicsMagick 1.3.26 no valida correctamente los datos JNG, provocando una denegación de servicio (fallo de aserción en magick/pixel_cache.c y cierre inesperado de la aplicación). • http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a http://www.securityfocus.com/bid/100958 https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/439 https://usn.ubuntu.com/4232 • CWE-617: Reachable Assertion •