CVE-2012-1185
https://notcve.org/view.php?id=CVE-2012-1185
Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. Múltiples desbordamientos de enteros en (1) Magick/profile.c o (2) magick/property.c de ImageMagick v6.7.5 y anteriores permite a atacantes remotos causar una denegación de servicio (por corrupción de memoria) y posiblemente ejecutar código de su elección a través de un valor de desplazamiento modificado en la etiqueta ResolutionUnit en EXIF IFD0 de una imagen. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-0247. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://secunia.com/advisories/47926 http://secunia.com/advisories/48974 http://secunia.com/advisories/49043 http://secunia.com/advisories/49317 http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c http://ubuntu.com/usn/usn-1435-1 http://www.debian.org/security/2012/dsa-246 • CWE-190: Integer Overflow or Wraparound •
CVE-2012-1610
https://notcve.org/view.php?id=CVE-2012-1610
Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. Desbordamiento de entero en la función GetEXIFProperty en la magick/property.c en ImageMagick antes de v6.7.6-4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un número de componentes muy grande para ciertas etiquetas EXIF ??en una imagen JPEG. NOTA: esta vulnerabilidad existe debido a una solución incompleta al CVE-2012-0259. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://secunia.com/advisories/48974 http://secunia.com/advisories/49043 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://ubuntu.com/usn/usn-1435-1 http://www.debian.org/security/2012/dsa-2462 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 http://www.openwall.com/lists/oss-security/2012/04/04/6 http://www.osvdb.org/81024 http://www.securityfocus& • CWE-190: Integer Overflow or Wraparound •
CVE-2012-0259 – ImageMagick: Out-of heap-based buffer read by processing crafted JPEG EXIF header tag value
https://notcve.org/view.php?id=CVE-2012-0259
The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. La función GetEXIFProperty en magick/property.c en ImageMagick antes de v6.7.6-3 permite a atacantes remotos causar una denegación de servicio (caída) a través de un valor cero en el número de componentes de una etiqueta EXIF Xresolution en un archivo JPEG, lo que desencadena una lectura fuera de límites. • http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0544.html http://secunia.com/advisories/48679 http://secunia.com/advisories/48974 http://secunia.com/advisories/49043 http://secunia.com/advisories/49063 http://secunia.com/advisories/49317 http://secunia.com/advisories/55035 http://ubuntu.com/usn/usn-1435-1 http://www.cert.fi/en/reports/2012/vulnerability635606.html http://www.debian.org/security/2012/dsa-2462 http • CWE-125: Out-of-bounds Read •
CVE-2012-1988 – puppet: Filebucket arbitrary code execution
https://notcve.org/view.php?id=CVE-2012-1988
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. Puppet v2.6.x anterior a v2.6.15 y v2.7.x anterior a v2.7.13, y Puppet Enterprise (PE) Users v1.0, v1.1, v1.2.x, v2.0.x, y v2.5.x anterior a v2.5.1 permite a usuarios remotos autenticados con el agente de claves SSL y permisos de creación de archivos en el puppet maestro ejecutar comandos arbitrarios mediante la creación de un archivo cuyo nombre de ruta completo contiene metacaracteres de shell, para realizar una solicitud "filebucket". telnet.rb en v2.7.x anterior a v2.7.13 y Puppet Enterprise (PE) v1.2.x, v2.0.x y v2.5.x anterior a v2.5.1 permite a usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlace simbólico en el log de registro NET::Telnet (/tmp/out.log). • http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html http://projects.puppetlabs.com/issues/13518 http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 http://puppetlabs.com/security/cve/cve-2012-1988 http://secunia.com/advisories/48743 http://secunia.com/advisories/48748 http://secunia.com/adv • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2012-0876 – expat: hash table collisions CPU usage DoS
https://notcve.org/view.php?id=CVE-2012-0876
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. El analizador XML (xmlparse.c) en expat antes de v2.1.0 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash de forma predecible, lo que permite causar una denegación de servicio (por consumo de CPU) a atacantes dependientes de contexto a través de un archivo XML con muchos identificadores con el mismo valor. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially crafted XML file that triggers multiple hash function collisions. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. • http://bugs.python.org/issue13703#msg151870 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html http://rhn.redhat.com/errata/RHSA-2012-0731.html http://rhn.redhat.com/errata/RHSA-2016-0062.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://secunia.com/advisories/49504 http://secunia.com/advisories/51024 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •