Page 9 of 118 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. ReadRGBImage en coders/rgb.c en GraphicsMagick 1.3.26 presenta una sobrelectura de búfer basada en memoria dinámica (heap) en magick/import.c ImportRGBQuantumType mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931 http://www.securityfocus.com/bid/102164 https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsma • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. WritePNMImage en coders/pnm.c en GraphicsMagick 1.3.26 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap en bit_stream.c MagickBitStreamMSBWrite y cierre inesperado de la aplicación) o, probablemente, causen cualquier otro tipo de impacto mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260 http://www.securityfocus.com/bid/102158 https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsma • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1

coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. coders/wpg.c en GraphicsMagick 7.0.6 permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de aplicación) o, probablemente, causen cualquier otro tipo de problema mediante un archivo manipulado. Esto está relacionado con la función AcquireCacheNexus en magick/pixel_cache.c. • http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 http://hg.code.sf.net/p/graphicsmagick/code • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. La función DrawImage en magick/render.c en GraphicsMagick 1.3.26 no busca correctamente palabras clave pop que estén asociadas a palabras clave push, lo que permite que atacantes remotos provoquen una denegación de servicio (strncpy negativo y cierre inesperado de la aplicación) o, posiblemente, causen otros impactos no especificados mediante un archivo manipulado. • http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc https://lists.debian.org/debian-lts-announce/2017/11/msg00016.html https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/517 https://usn.ubuntu.com • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. La función ReadWPGImage en coders/wpg.c en GraphicsMagick 1.3.26 no valida correctamente las imágenes cuyos colores corresponden a un mapa de color, lo que permite que atacantes remotos provoquen una denegación de servicio (escritura no válida de ImportIndexQuantumType y cierre inesperado de la aplicación) o, posiblemente, causen otros impactos no especificados mediante una imagen WPG mal formada. • http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://sourceforge.net/p/graphicsmagick/bugs/519 https://usn.ubuntu.com/4248-1 https://www.debian.org/security/2018/dsa-4321 • CWE-476: NULL Pointer Dereference •