CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2019-10131 – ImageMagick: off-by-one read in formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2019-10131
30 Apr 2019 — An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program. Se encontró una vulnerabilidad de lectura off-by-one en ImageMagick anterior a la versión 7.0.7-28 en la función formatIPTCfromBuffer en coders/meta.c. Un atacante local puede utilizar este fallo para leer más allá del final del búfer o para bloquear el programa. An off-by... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html • CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-10714
https://notcve.org/view.php?id=CVE-2019-10714
02 Apr 2019 — LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV. En ImageMagick, en versiones anteriores a la 7.0.8-32, LocaleLowercase en MagickCore/locale.c permite un acceso fuera de límties, conduciendo a un SIGSEGV. • https://github.com/ImageMagick/ImageMagick/commit/07eebcd72f45c8fd7563d3f9ec5d2bed48f65f36 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7175 – imagemagick: memory leak in function DecodeImage in coders/pcd.c
https://notcve.org/view.php?id=CVE-2019-7175
07 Mar 2019 — In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, hay fugas de memoria en DecodeImage en coders/pcd.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7398 – ImageMagick: Memory leak in the WriteDIBImage function in coders/dib.c
https://notcve.org/view.php?id=CVE-2019-7398
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WriteDIBImage en coders/dib.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-7397 – ImageMagick: Memory leak in the WritePDFImage function in coders/pdf.c
https://notcve.org/view.php?id=CVE-2019-7397
05 Feb 2019 — In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. En ImageMagick, en versiones anteriores a la 7.0.8-25, y GraphicsMagick, hasta la versión 1.3.31, existen varias vulnerabilidades de fuga de memoria en WritePDFImage en coders/pdf.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into processing a specially crafted file, an attacker c... • http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7396 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-7396
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en ReadSIXELImage en coders/sixel.c. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2019-7395 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-7395
05 Feb 2019 — In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. En ImageMagick en versiones anteriores a la 7.0.8-25, existe una vulnerabilidad de fuga de memoria en WritePSDChannel en coders/psd.c. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1CVE-2018-20467 – ImageMagick: infinite loop in coders/bmp.c
https://notcve.org/view.php?id=CVE-2018-20467
26 Dec 2018 — In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. En coders/bmp.c en ImageMagick en versiones anteriores a la 7.0.8-16, un archivo de entradas puede resultar en un bucle infinito y un bloqueo, con un gran consumo de CPU y memoria. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-16750 – ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c
https://notcve.org/view.php?id=CVE-2018-16750
09 Sep 2018 — In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. En ImageMagick 7.0.7-29 y anteriores, se ha encontrado una fuga de memoria en la función formatIPTCfromBuffer en coders/meta.c. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, this update includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if nece... • http://www.securityfocus.com/bid/108492 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2018-16749 – ImageMagick: reachable assertion in ReadOneJNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2018-16749
09 Sep 2018 — In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. En ImageMagick 7.0.7-29 y anteriores, la falta de una comprobación NULL en ReadOneJNGImage en coders/png.c permite que un atacante provoque una denegación de servicio (fallo de aserción en WriteBlob y salida de la aplicación) mediante un archivo manipulado. Due to a large number of issues discovered... • https://github.com/ImageMagick/ImageMagick/issues/1119 • CWE-476: NULL Pointer Dereference CWE-617: Reachable Assertion •