Page 87 of 733 results (0.024 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2019-13296

https://notcve.org/view.php?id=CVE-2019-13296

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value. ImageMagick versión 7.0.8-50 Q16, presenta pérdidas de memoria directa en la función AcquireMagickMemory debido a un error en CLIListOperatorImages en el archivo MagickWand/operation.c para un valor NULL. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425 https://github.com/ImageMagick/ImageMagick/issues/1604 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1

CVE-2019-13295 – ImageMagick: heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled

https://notcve.org/view.php?id=CVE-2019-13295

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled. ImageMagick versión 7.0.8-50 Q16, presenta una lectura excesiva del búfer en la región heap de la memoria en el archivo MagickCore/threshold.c en la función AdaptiveThresholdImage porque un ancho de cero se maneja inapropiadamente. A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a width of zero mishandle error. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html https://github.com/ImageMagick/ImageMagick/commit/a7759f410b773a1dd57b0e1fb28112e1cd8b97bc https://github.com/ImageMagick/ImageMagick/issues/1608 https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953 https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html https://usn.ubuntu.com/4192-1 https://www.debian.org/security/2020/dsa-4712 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2019-5051

https://notcve.org/view.php?id=CVE-2019-5051

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en memoria dinámica (heap) cuando se carga un archivo PCX en SDL2_image, versión 2.0.4. La falta de un manejador de errores puede provocar un desbordamiento del búfer y una posible ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820 https://usn.ubuntu.com/4238-1 • CWE-390: Detection of Error Condition Without Action CWE-755: Improper Handling of Exceptional Conditions CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2019-5052

https://notcve.org/view.php?id=CVE-2019-5052

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de enteros explotable al cargar un archivo PCX en SDL2_image versión 2.0.4. Un archivo especialmente manipulado puede provocar un desbordamiento de enteros, en un espacio asignado demasiado pequeño, lo que puede provocar un desbordamiento de búfer y una posible ejecución de código. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00030.html https://lists.debian.org/debian-lts-announce/2019/07/msg00021.html https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821 https: • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2019-13164

https://notcve.org/view.php?id=CVE-2019-13164

qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. qemu-bridge-helper.c en QEMU versión 3.1 y 4.0.0 no garantiza que un nombre de interfaz de red (obtenido de bridge.conf o una opción --br = bridge) esté limitado al tamaño de IFNAMSIZ, lo que puede llevar a una derivación de ACL. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html http://www.openwall.com/lists/oss-security/2019/07/02/2 http://www.securityfocus.com/bid/109054 https://github.com/qemu/qemu/commit/03d7712b4bcd47bfe0fe14ba2fffa87e111fa086 https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00145.html https://seclists.org/bugtraq/2019/Au •