CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27767
https://notcve.org/view.php?id=CVE-2020-27767
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1894687 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27775
https://notcve.org/view.php?id=CVE-2020-27775
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/quantum.h. • https://bugzilla.redhat.com/show_bug.cgi?id=1898300 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27765
https://notcve.org/view.php?id=CVE-2020-27765
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/segment.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1894684 • CWE-369: Divide By Zero •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27774
https://notcve.org/view.php?id=CVE-2020-27774
04 Dec 2020 — A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo MagickCore/statistic.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1898296 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-27772 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27772
04 Dec 2020 — A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. Se encontró un fallo en ImageMagick en el archivo coders/bmp.c. • https://bugzilla.redhat.com/show_bug.cgi?id=1898291 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27761
https://notcve.org/view.php?id=CVE-2020-27761
03 Dec 2020 — WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick... • https://bugzilla.redhat.com/show_bug.cgi?id=1894679 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19667
https://notcve.org/view.php?id=CVE-2020-19667
20 Nov 2020 — Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. Un desbordamiento de búfer en la región stack de la memoria y un salto incondicional en la función ReadXPMImage en el archivo coders/xpm.c en ImageMagick versión 7.0.10-7 • https://github.com/ImageMagick/ImageMagick/issues/1895 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27560 – Ubuntu Security Notice USN-4670-1
https://notcve.org/view.php?id=CVE-2020-27560
22 Oct 2020 — ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. ImageMagick versión 7.0.10-34, permite una División por Cero en la función OptimizeLayerFrames en el archivo MagickCore/layer.c, lo que puede causar una denegación de servicio It was discovered that ImageMagick incorrectly handled certain specially crafted image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker ... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00037.html • CWE-369: Divide By Zero •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13902
https://notcve.org/view.php?id=CVE-2020-13902
07 Jun 2020 — ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. ImageMagick versiones 7.0.9-27 hasta 7.0.10-17, presenta una lectura excesiva del búfer en la región heap de la memoria en la función BlobToStringInfo en el archivo MagickCore/string.c durante una decodificación de una imagen TIFF • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-10251
https://notcve.org/view.php?id=CVE-2020-10251
10 Mar 2020 — In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. ImageMagick versión 7.0.9, tiene una vulnerabilidad de lectura fuera de límites dentro de la función ReadHEICImageByID en el archivo coders\heic.c. Puede ser desencadenada por medio de una imagen con un valor de anchura o altura que exceda el tamaño real de la imagen. • https://github.com/ImageMagick/ImageMagick/issues/1859 • CWE-125: Out-of-bounds Read •