CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13777
https://notcve.org/view.php?id=CVE-2017-13777
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. GraphicsMagick 1.3.26 tiene un problema de denegación de servicio en ReadXBMImage() en un caso coders/xbm.c "Read hex image data" version==10 que resultará en que no retorna el lector. Esto podría hacer que se consuman grandes cantidades de recursos de memoria y CPU aunque el archivo manipulado no lo pida. • http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e http://openwall.com/lists/oss-security/2017/08/31/1 http://www.securityfocus.com/bid/100575 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://usn.ubuntu.com/4222-1 https://www.debian.org/security/2018/dsa-4321 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 1CVE-2017-13776
https://notcve.org/view.php?id=CVE-2017-13776
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. GraphicsMagick 1.3.26 tiene un problema de denegación de servicio en ReadXBMImage() en un caso coders/xbm.c "Read hex image data" version!=10 que resultará en que no retorna el lector. Esto podría hacer que se consuman grandes cantidades de recursos de memoria y CPU aunque el archivo manipulado no lo pida. • http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e http://openwall.com/lists/oss-security/2017/08/31/2 http://www.securityfocus.com/bid/100574 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://usn.ubuntu.com/4222-1 https://www.debian.org/security/2018/dsa-4321 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13775
https://notcve.org/view.php?id=CVE-2017-13775
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. GraphicsMagick 1.3.26 tiene un problema de denegación de servicio en ReadJNXImage() en coders/jnx.c por el que grandes cantidades de recursos de memoria y CPU se pueden consumir aunque el archivo no soporte las peticiones. • http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd http://openwall.com/lists/oss-security/2017/08/31/3 http://www.securityfocus.com/bid/100570 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ https://usn.ubuntu.com/4222-1 https:/ •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13736
https://notcve.org/view.php?id=CVE-2017-13736
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. Existen muchas fugas de memoria en la función GMCommand en magick/command.c en GraphicsMagick 1.3.26 que podría acabar en un ataque de denegación de servicio remoto. • http://www.securityfocus.com/bid/100513 https://bugzilla.redhat.com/show_bug.cgi?id=1484192 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2017-13737
https://notcve.org/view.php?id=CVE-2017-13737
There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. Existe una liberación no válida en la función MagickFree en magick/memory.c en GraphicsMagick 1.3.26 que podría acabar en un ataque de denegación de servicio remoto. • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a http://openwall.com/lists/oss-security/2017/08/29/4 http://www.securityfocus.com/bid/100518 https://bugs.debian.org/878511 https://bugzilla.redhat.com/show_bug.cgi?id=1484196 https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-416: Use After Free •