CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27759 – openSUSE Security Advisory - openSUSE-SU-2021:0148-1
https://notcve.org/view.php?id=CVE-2020-27759
03 Dec 2020 — In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions... • https://bugzilla.redhat.com/show_bug.cgi?id=1894238 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-27760 – Ubuntu Security Notice USN-7068-1
https://notcve.org/view.php?id=CVE-2020-27760
03 Dec 2020 — In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. En la función "GammaImage()" del archivo /MagickCore/enhance.c, dependiendo del valor de "gamma", es posible a... • https://bugzilla.redhat.com/show_bug.cgi?id=1894239 • CWE-369: Divide By Zero •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 1CVE-2019-19949 – ImageMagick: heap-based buffer over-read in WritePNGImage in coders/png.c
https://notcve.org/view.php?id=CVE-2019-19949
24 Dec 2019 — In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. En ImageMagick versión 7.0.8-43 Q16, se presenta una lectura excesiva de búfer en la región heap de la memoria en la función WritePNGImage del archivo coders/png.c, relacionada con Magick_png_write_raw_profile y LocaleNCompare. An out-of-bounds read was discovered in ImageMagick when writing PNG images. An attacker may abuse this flaw ... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00006.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18853
https://notcve.org/view.php?id=CVE-2019-18853
11 Nov 2019 — ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2. ImageMagick versiones anteriores a 7.0.9-0, permite a atacantes remotos causar una denegación de servicio porque XML_PARSE_HUGE no está restringido apropiadamente en el archivo coders/svg.c, relacionado con SVG y libxml2. • https://fortiguard.com/zeroday/FG-VD-19-136 • CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17540 – ImageMagick: heap-based buffer overflow in ReadPSInfo in coders/ps.c
https://notcve.org/view.php?id=CVE-2019-17540
14 Oct 2019 — ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. ImageMagick versiones anteriores a 7.0.8-54, presenta un desbordamiento de búfer en la región heap de la memoria en la función ReadPSInfo en el archivo coders/ps.c. An update that fixes four vulnerabilities is now available. This update for ImageMagick fixes the following issues. Fixed heap-based buffer overflow in ReadPSInfo in coders/ps.c. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17547
https://notcve.org/view.php?id=CVE-2019-17547
14 Oct 2019 — In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. En ImageMagick versiones anteriores a 7.0.8-62, la función TraceBezier en el archivo MagickCore/draw.c presenta una vulnerabilidad de uso de la memoria previamente liberada. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-17541 – ImageMagick: Use after free in ReadICCProfile function in coders/jpeg.c
https://notcve.org/view.php?id=CVE-2019-17541
14 Oct 2019 — ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. ImageMagick versiones anteriores a 7.0.8-55, presenta una vulnerabilidad de uso de la memoria previamente liberada de la función DestroyStringInfo en el archivo MagickCore/string.c porque el administrador de errores es manejado inapropiadamente en el archivo coders/jpeg.c. ImageMagick is an image display and manipulation tool for the X Window System that can ... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2019-14981 – ImageMagick: division by zero in MeanShiftImage in MagickCore/feature.c
https://notcve.org/view.php?id=CVE-2019-14981
12 Aug 2019 — In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. En ImageMagick versiones 7.x anteriores a 7.0.8-41 y versiones 6.x anteriores a 6.9.10-41, hay una vulnerabilidad de división por cero en la función MeanShiftImage. Permite a un atacante causar una denegación de servicio mediante el envío de un archivo especialmente diseñado. An update that fixes 11 ... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-14980 – ImageMagick: use-after-free in magick/blob.c resulting in a denial of service
https://notcve.org/view.php?id=CVE-2019-14980
12 Aug 2019 — In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. En ImageMagick versiones 7.x anteriores a 7.0.8-42 y versiones 6.x anteriores a 6.9.10-42, hay una vulnerabilidad de uso de la memoria previamente liberada en la función UnmapBlob que permite a un atacante causar una denegación de servicio mediante el envío de un archivo especialmente diseñado. An update... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-13137 – Debian Security Advisory 4712-1
https://notcve.org/view.php?id=CVE-2019-13137
01 Jul 2019 — ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. ImageMagick en versiones anteriores a la 7.0.8-50 tiene una vulnerabilidad de fuga de memoria en la función ReadPSImage in coders/ps. Handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html • CWE-401: Missing Release of Memory after Effective Lifetime •