CVE-2016-8707
https://notcve.org/view.php?id=CVE-2016-8707
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. Existe una escritura fuera de límites explotable en el manejo de imágenes TIFF comprimidas en la utilidad de conversión ImageMagicks. Un documento TIFF manipulado puede conducir a una escritura fuera de límites que en circunstancias particulares lo que puede ser aprovechado en la ejecución remota de código. • http://www.debian.org/security/2017/dsa-3799 http://www.securityfocus.com/bid/94727 http://www.talosintelligence.com/reports/TALOS-2016-0216 • CWE-787: Out-of-bounds Write •
CVE-2016-6520
https://notcve.org/view.php?id=CVE-2016-6520
Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. Desbordamiento de búfer en MagickCore/enhance.c en ImageMagick en versiones anteriores a 7.0.2-7 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionados con morfología de caché de píxeles. • http://www.imagemagick.org/script/changelog.php http://www.openwall.com/lists/oss-security/2016/08/02/10 http://www.openwall.com/lists/oss-security/2016/08/02/6 http://www.securitytracker.com/id/1036502 https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6 • CWE-125: Out-of-bounds Read •
CVE-2016-9556
https://notcve.org/view.php?id=CVE-2016-9556
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. La función IsPixelGray en MagickCore/pixel-accessor.h en ImageMagick 7.0.3-8 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html http://www.debian.org/security/2016/dsa-3726 http://www.openwall.com/lists/oss-security/2016/11/23/1 http://www.openwall.com/lists/oss-security/2016/12/01/4 http://www.openwall.com/lists/oss-security/2016/12/02/12 http://www.securityfocus.com/bid/94492 https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h https://bugzilla.redhat.com/show_bug • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-7799
https://notcve.org/view.php?id=CVE-2016-7799
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. MagickCore/profile.c en ImageMagick en versiones anteriores a 7.0.3-2 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo manipulado. • http://www.debian.org/security/2016/dsa-3726 http://www.openwall.com/lists/oss-security/2016/10/01/4 http://www.openwall.com/lists/oss-security/2016/10/01/6 http://www.securityfocus.com/bid/93264 https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa https://github.com/ImageMagick/ImageMagick/issues/280 https://security.gentoo.org/glsa/201611-21 • CWE-125: Out-of-bounds Read •
CVE-2016-8862
https://notcve.org/view.php?id=CVE-2016-8862
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. La función AcquireMagickMemory en MagickCore/memory.c en ImageMagick en versiones anteriores a 7.0.3.3 permite a atacantes remotos tener un impacto no especificado a través de una imagen manipulada, lo que desencadena un fallo de asignación de memoria. • http://www.debian.org/security/2016/dsa-3726 http://www.openwall.com/lists/oss-security/2016/10/20/2 http://www.openwall.com/lists/oss-security/2016/10/20/3 http://www.securityfocus.com/bid/93794 https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c https://bugzilla.redhat.com/show_bug.cgi?id=1387135 https://github.com/ImageMagick/ImageMagick/issues/271 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •