Vulnerabilities related to imagemagick - imagemagick
cve-2016-10065
Vulnerability from cvelistv5
Published
2017-03-03 17:00
Modified
2024-08-06 03:07
Summary
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
References
URL | Tags
---|---
http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html | vendor-advisory, x_refsource_SUSE
https://github.com/ImageMagick/ImageMagick/issues/129 | x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1410482 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/95213 | vdb-entry, x_refsource_BID
https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05 | x_refsource_CONFIRM
cve-2014-9833
Vulnerability from cvelistv5
Published
2017-03-22 14:00
Modified
2024-08-06 13:55
Summary
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
References
URL | Tags
---|---
http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2014/12/24/1 | mailing-list, x_refsource_MLIST
cve-2014-9806
Vulnerability from cvelistv5
Published
2017-03-30 15:00
Modified
2024-08-06 13:55
Summary
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=1343462 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2014/12/24/1 | mailing-list, x_refsource_MLIST
cve-2022-28463
Vulnerability from cvelistv5
Published
2022-05-08 00:00
Modified
2024-08-03 05:56
Summary
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/issues/4988 |
https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f |
https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680 |
https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html | mailing-list
https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html | mailing-list
cve-2017-11523
Vulnerability from cvelistv5
Published
2017-07-22 21:00
Modified
2024-08-05 18:12
Summary
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078 | x_refsource_CONFIRM
https://bugs.debian.org/869210 | x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/issues/591 | x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78 | x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-4019 | vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST
cve-2017-11448
Vulnerability from cvelistv5
Published
2017-07-19 07:00
Modified
2024-08-05 18:12
Summary
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
References
URL | Tags
---|---
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867893 | x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/issues/556 | x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/commit/f6463ca9588579633bbaed9460899d892aa3c64a | x_refsource_CONFIRM
cve-2014-9845
Vulnerability from cvelistv5
Published
2017-03-20 16:00
Modified
2024-08-06 13:55
Summary
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=1343503 | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00028.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html | vendor-advisory, x_refsource_SUSE
https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=a7a7fd3ce95b7b8efb0ce1ce40f43dbbd20d8e03 | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html | vendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html | vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3131-1 | vendor-advisory, x_refsource_UBUNTU
cve-2016-8866
Vulnerability from cvelistv5
Published
2017-02-15 19:00
Modified
2024-08-06 02:35
Summary
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/21/5 | mailing-list, x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388816 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html | vendor-advisory, x_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/10/20/3 | mailing-list, x_refsource_MLIST |
| https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/ | x_refsource_MISC |
| https://github.com/ImageMagick/ImageMagick/issues/271 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:35:01.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20161021 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/21/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388816" }, { "name": "openSUSE-SU-2016:3238", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html" }, { "name": "openSUSE-SU-2017:0023", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html" }, { "name": "[oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/271" }, { "name": "openSUSE-SU-2016:3233", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The 
AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-27T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20161021 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/21/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388816" }, { "name": "openSUSE-SU-2016:3238", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html" }, { "name": "openSUSE-SU-2017:0023", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html" }, { "name": "[oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/271" }, { "name": "openSUSE-SU-2016:3233", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html" } ], "x_legacyV4Record": { 
"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20161021 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/21/5" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1388816", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388816" }, { "name": "openSUSE-SU-2016:3238", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html" }, { "name": "openSUSE-SU-2017:0023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html" }, { "name": "[oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/20/3" }, { "name": "https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/", "refsource": "MISC", "url": 
"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/271", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/271" }, { "name": "openSUSE-SU-2016:3233", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8866", "datePublished": "2017-02-15T19:00:00", "dateReserved": "2016-10-21T00:00:00", "dateUpdated": "2024-08-06T02:35:01.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9808
Vulnerability from cvelistv5
Published
2017-03-30 15:00
Modified
2024-08-06 13:55
Summary
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/12/24/1 | mailing-list, x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1343464 | x_refsource_CONFIRM |
| https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:55:04.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343464" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=82f779cbc24045af2eaecb95d0842ca7b97c71f4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-30T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343464" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=82f779cbc24045af2eaecb95d0842ca7b97c71f4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343464", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343464" }, { "name": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=82f779cbc24045af2eaecb95d0842ca7b97c71f4", "refsource": "CONFIRM", "url": "https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream\u0026id=82f779cbc24045af2eaecb95d0842ca7b97c71f4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9808", "datePublished": "2017-03-30T15:00:00", "dateReserved": "2016-06-02T00:00:00", "dateUpdated": "2024-08-06T13:55:04.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10049
Vulnerability from cvelistv5
Published
2017-03-23 17:00
Modified
2024-08-06 03:07
Summary
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95180 | vdb-entry, x_refsource_BID |
| https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4 | x_refsource_CONFIRM |
| https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1410452 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST |
| https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95180", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95180" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=29710" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410452" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-13T16:36:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95180", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95180" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=29710" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410452" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10049", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95180", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95180" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4" }, { "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=29710", "refsource": "MISC", "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=29710" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410452", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410452" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/13db820f5e24cd993ee554e99377fea02a904e18" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10049", "datePublished": "2017-03-23T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-06T03:07:32.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12675
Vulnerability from cvelistv5
Published
2017-08-07 21:00
Modified
2024-09-17 01:56
Summary
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
References
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/issues/616 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/616" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/616" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12675", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/616", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/616" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12675", "datePublished": "2017-08-07T21:00:00Z", "dateReserved": "2017-08-07T00:00:00Z", "dateUpdated": "2024-09-17T01:56:37.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10052
Vulnerability from cvelistv5
Published
2017-03-23 17:00
Modified
2024-08-06 03:07
Summary
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
References
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html | vendor-advisory, x_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST |
| https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1410459 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95181 | vdb-entry, x_refsource_BID |
| https://github.com/ImageMagick/ImageMagick/commit/13267a10845a8dadabed63072b537f050cec6daa | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2017:0391", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "name": "openSUSE-SU-2017:0399", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410459" }, { "name": "95181", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95181" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/13267a10845a8dadabed63072b537f050cec6daa" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-14T20:29:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2017:0391", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "name": "openSUSE-SU-2017:0399", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410459" }, { "name": "95181", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95181" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/13267a10845a8dadabed63072b537f050cec6daa" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2017:0391", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "name": "openSUSE-SU-2017:0399", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410459", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410459" }, { "name": "95181", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95181" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/13267a10845a8dadabed63072b537f050cec6daa", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/13267a10845a8dadabed63072b537f050cec6daa" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10052", "datePublished": "2017-03-23T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-06T03:07:32.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9143
Vulnerability from cvelistv5
Published
2017-05-22 14:00
Modified
2024-08-05 16:55
Summary
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
References
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/issues/456 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98682 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2017/dsa-3863 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/ImageMagick/ImageMagick/commit/3b0fe05cddd8910f84e51b4d50099702ea45ba4a | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:55:22.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/456" }, { "name": "98682", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98682" }, { "name": "DSA-3863", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3863" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/3b0fe05cddd8910f84e51b4d50099702ea45ba4a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-06T20:52:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/456" }, { "name": "98682", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98682" }, { "name": "DSA-3863", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3863" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/3b0fe05cddd8910f84e51b4d50099702ea45ba4a" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9143", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/456", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/456" }, { "name": "98682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98682" }, { "name": "DSA-3863", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3863" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/3b0fe05cddd8910f84e51b4d50099702ea45ba4a", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/3b0fe05cddd8910f84e51b4d50099702ea45ba4a" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9143", "datePublished": "2017-05-22T14:00:00", "dateReserved": "2017-05-22T00:00:00", "dateUpdated": "2024-08-05T16:55:22.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17882
Vulnerability from cvelistv5
Published
2017-12-24 04:00
Modified
2024-08-05 21:06
Summary
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
References
URL | Tags |
---|---|
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
https://github.com/ImageMagick/ImageMagick/issues/880 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:49.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/880" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/880" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17882", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image 
file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/880", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/880" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17882", "datePublished": "2017-12-24T04:00:00", "dateReserved": "2017-12-23T00:00:00", "dateUpdated": "2024-08-05T21:06:49.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27755
Vulnerability from cvelistv5
Published
2020-12-08 21:57
Modified
2024-08-04 16:18
Summary
In SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0.
References
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1894232 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | ImageMagick | prior to 7.0.9-0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageMagick", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to 7.0.9-0" } ] } ], "descriptions": [ { "lang": "en", "value": "in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-08T21:57:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27755", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ImageMagick", "version": { "version_data": [ { "version_value": "prior to 7.0.9-0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-401" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894232" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27755", "datePublished": "2020-12-08T21:57:25", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:18:45.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7943
Vulnerability from cvelistv5
Published
2017-04-18 19:00
Modified
2024-08-05 16:19
Summary
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
References
URL | Tags |
---|---|
http://www.debian.org/security/2017/dsa-3863 | vendor-advisory, x_refsource_DEBIAN |
http://www.securityfocus.com/bid/97956 | vdb-entry, x_refsource_BID |
https://github.com/ImageMagick/ImageMagick/issues/427 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3863", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3863" }, { "name": "97956", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97956" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/427" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3863", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3863" }, { "name": "97956", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97956" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/427" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3863", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3863" }, { "name": "97956", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97956" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/427", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/427" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7943", "datePublished": "2017-04-18T19:00:00", "dateReserved": "2017-04-18T00:00:00", "dateUpdated": "2024-08-05T16:19:29.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9915
Vulnerability from cvelistv5
Published
2017-03-23 17:00
Modified
2024-08-06 14:02
Summary
Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.
References
URL | Tags |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1410436 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:02:36.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410436" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-23T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410436" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9915", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a 
denial of service (application crash) via a crafted 8BIM profile." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410436", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410436" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9915", "datePublished": "2017-03-23T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-06T14:02:36.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9836
Vulnerability from cvelistv5
Published
2017-03-22 14:00
Modified
2024-08-06 13:55
Summary
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
References
URL | Tags |
---|---|
http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST |
http://www.openwall.com/lists/oss-security/2014/12/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:55:04.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-22T11:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9836", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 6.8.9-9 allows 
remote attackers to cause a denial of service via a crafted xpm file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9836", "datePublished": "2017-03-22T14:00:00", "dateReserved": "2016-06-02T00:00:00", "dateUpdated": "2024-08-06T13:55:04.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12983
Vulnerability from cvelistv5
Published
2017-08-21 07:00
Modified
2024-08-05 18:51
Summary
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
References
URL | Tags |
---|---|
https://www.debian.org/security/2017/dsa-4040 | vendor-advisory, x_refsource_DEBIAN |
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
https://security.gentoo.org/glsa/201711-07 | vendor-advisory, x_refsource_GENTOO |
https://www.debian.org/security/2017/dsa-4032 | vendor-advisory, x_refsource_DEBIAN |
https://github.com/ImageMagick/ImageMagick/issues/682 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:07.384Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "DSA-4032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4032" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/682" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "DSA-4032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4032" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/682" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12983", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4040", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "DSA-4032", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4032" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/682", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/682" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12983", "datePublished": "2017-08-21T07:00:00", "dateReserved": "2017-08-21T00:00:00", "dateUpdated": "2024-08-05T18:51:07.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12418
Vulnerability from cvelistv5
Published
2017-08-04 00:00
Modified
2024-08-05 18:36
Summary
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
References
URL | Tags |
---|---|
https://github.com/ImageMagick/ImageMagick/issues/643 | x_refsource_CONFIRM |
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
https://security.gentoo.org/glsa/201711-07 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:36:56.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/643" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-03T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/643" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-07" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12418", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/643", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/643" }, { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12418", "datePublished": "2017-08-04T00:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-08-05T18:36:56.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12691
Vulnerability from cvelistv5
Published
2017-09-01 21:00
Modified
2024-08-05 18:43
Summary
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
References
URL | Tags |
---|---|
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
https://security.gentoo.org/glsa/201711-07 | vendor-advisory, x_refsource_GENTOO |
https://github.com/ImageMagick/ImageMagick/issues/656 | x_refsource_CONFIRM |
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST |
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/656" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-07T23:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/656" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12691", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/656", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/656" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12691", "datePublished": "2017-09-01T21:00:00", "dateReserved": "2017-08-08T00:00:00", "dateUpdated": "2024-08-05T18:43:56.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17541
Vulnerability from cvelistv5
Published
2019-10-14 01:06
Modified
2024-08-05 01:40
Summary
ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c.
References
URL | Tags |
---|---|
https://github.com/ImageMagick/ImageMagick/issues/1641 | x_refsource_MISC |
https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493 | x_refsource_MISC |
https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55 | x_refsource_MISC |
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1641" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-14T01:06:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1641" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17541", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1641", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1641" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493" }, { "name": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/compare/7.0.8-54...7.0.8-55" }, { "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17541", "datePublished": "2019-10-14T01:06:43", "dateReserved": "2019-10-14T00:00:00", "dateUpdated": "2024-08-05T01:40:15.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8862
Vulnerability from cvelistv5
Published
2017-02-15 19:00
Modified
2024-08-06 02:35
Summary
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
References
URL | Tags
---|---
http://www.openwall.com/lists/oss-security/2016/10/20/3 | mailing-list, x_refsource_MLIST
https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/ | x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1387135 | x_refsource_CONFIRM
https://github.com/ImageMagick/ImageMagick/issues/271 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/93794 | vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/10/20/2 | mailing-list, x_refsource_MLIST
http://www.debian.org/security/2016/dsa-3726 | vendor-advisory, x_refsource_DEBIAN
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:35:01.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387135" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/271" }, { "name": "93794", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93794" }, { "name": "[oss-security] 20161020 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/2" }, { "name": "DSA-3726", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-27T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387135" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/271" }, { "name": "93794", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93794" }, { "name": "[oss-security] 20161020 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/10/20/2" }, { "name": "DSA-3726", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-8862", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation 
failure." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20161020 imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/20/3" }, { "name": "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1387135", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1387135" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/271", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/271" }, { "name": "93794", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93794" }, { "name": "[oss-security] 20161020 Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/20/2" }, { "name": "DSA-3726", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3726" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-8862", "datePublished": "2017-02-15T19:00:00", "dateReserved": "2016-10-20T00:00:00", "dateUpdated": "2024-08-06T02:35:01.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14741
Vulnerability from cvelistv5
Published
2017-09-26 02:00
Modified
2024-08-05 19:34
Summary
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
References
URL | Tags
---|---
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU
https://github.com/ImageMagick/ImageMagick/issues/771 | x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:39.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/771" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-07T23:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/771" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14741", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/771", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/771" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14741", "datePublished": "2017-09-26T02:00:00", "dateReserved": "2017-09-25T00:00:00", "dateUpdated": "2024-08-05T19:34:39.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27758
Vulnerability from cvelistv5
Published
2020-12-08 00:00
Modified
2024-08-04 16:18
Summary
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | ImageMagick | prior to 7.0.8-68
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236" }, { "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html" }, { "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageMagick", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to 7.0.8-68" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-11T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894236" }, { "name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2602-1] imagemagick security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html" }, { "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27758", "datePublished": "2020-12-08T00:00:00", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:18:45.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18544
Vulnerability from cvelistv5
Published
2018-10-21 01:00
Modified
2024-08-05 11:15
Summary
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/issues/1360 | x_refsource_MISC
http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog | x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html | vendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4034-1/ | vendor-advisory, x_refsource_UBUNTU
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:15:58.924Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1360" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog" }, { "name": "openSUSE-SU-2019:1141", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html" }, { "name": "USN-4034-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4034-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-20T00:00:00", "descriptions": [ { "lang": "en", "value": "There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-25T14:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1360" }, { "tags": [ "x_refsource_MISC" ], "url": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog" }, { "name": "openSUSE-SU-2019:1141", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html" }, { "name": "USN-4034-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4034-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1360", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1360" }, { "name": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog", "refsource": "MISC", "url": "http://hg.code.sf.net/p/graphicsmagick/code/file/233618f8fe82/ChangeLog" }, { "name": "openSUSE-SU-2019:1141", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00034.html" }, { "name": "USN-4034-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4034-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18544", "datePublished": "2018-10-21T01:00:00", "dateReserved": "2018-10-20T00:00:00", "dateUpdated": "2024-08-05T11:15:58.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13136
Vulnerability from cvelistv5
Published
2019-07-01 19:27
Modified
2024-08-04 23:41
Summary
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/issues/1602 | x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891 | x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html | vendor-advisory, x_refsource_SUSE
https://support.f5.com/csp/article/K03512441?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:10.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1602" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891" }, { "name": "openSUSE-SU-2019:1983", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K03512441?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-11T04:06:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1602" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891" }, { "name": "openSUSE-SU-2019:1983", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K03512441?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13136", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1602", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1602" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891" }, { "name": "openSUSE-SU-2019:1983", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "https://support.f5.com/csp/article/K03512441?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K03512441?utm_source=f5support\u0026amp;utm_medium=RSS" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13136", "datePublished": "2019-07-01T19:27:46", "dateReserved": "2019-07-01T00:00:00", "dateUpdated": "2024-08-04T23:41:10.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2030
Vulnerability from cvelistv5
Published
2020-02-06 14:58
Modified
2024-08-06 09:58
Summary
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947.
References
URL | Tags
---|---
http://www.openwall.com/lists/oss-security/2014/02/12/2 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/02/13/5 | x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/02/19/13 | x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1064098 | x_refsource_MISC
http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html | x_refsource_CONFIRM
http://ubuntu.com/usn/usn-2132-1 | x_refsource_CONFIRM
https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:16.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/12/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/13/5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/19/13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064098" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-2132-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-06T14:58:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/12/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/13/5" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2014/02/19/13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064098" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://ubuntu.com/usn/usn-2132-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.openwall.com/lists/oss-security/2014/02/12/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/02/12/2" }, { "name": "http://www.openwall.com/lists/oss-security/2014/02/13/5", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/02/13/5" }, { "name": "http://www.openwall.com/lists/oss-security/2014/02/19/13", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/02/19/13" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1064098", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064098" }, { "name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html", "refsource": "CONFIRM", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00032.html" }, { "name": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html", "refsource": "CONFIRM", "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00039.html" }, { "name": "http://ubuntu.com/usn/usn-2132-1", "refsource": "CONFIRM", "url": "http://ubuntu.com/usn/usn-2132-1" }, { "name": "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736", "refsource": "CONFIRM", "url": "https://web.archive.org/web/20090120112751/http://trac.imagemagick.org/changeset/13736" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2030", "datePublished": "2020-02-06T14:58:56", "dateReserved": "2014-02-19T00:00:00", "dateUpdated": "2024-08-06T09:58:16.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7538
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-06 02:04
Summary
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/09/22/2 | mailing-list, x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1378775 | x_refsource_CONFIRM |
| https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1556273 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93131 | vdb-entry, x_refsource_BID |
| https://github.com/ImageMagick/ImageMagick/issues/148 | x_refsource_CONFIRM |
| https://github.com/ImageMagick/ImageMagick/commit/82e2049862a8b8a999e160734ad64fb6cc3b145f | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:04:54.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378775" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1556273" }, { "name": "93131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/148" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/82e2049862a8b8a999e160734ad64fb6cc3b145f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-08T17:41:51", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378775" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1556273" }, { "name": "93131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/148" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/82e2049862a8b8a999e160734ad64fb6cc3b145f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-7538", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378775", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378775" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1556273", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1556273" }, { "name": "93131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93131" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/148", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/148" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/82e2049862a8b8a999e160734ad64fb6cc3b145f", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/82e2049862a8b8a999e160734ad64fb6cc3b145f" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-7538", "datePublished": "2017-04-20T18:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:04:54.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-12975
Vulnerability from cvelistv5
Published
2019-06-26 17:08
Modified
2024-08-04 23:41
Summary
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
References
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/issues/1517 | x_refsource_MISC |
| http://www.securityfocus.com/bid/108913 | vdb-entry, x_refsource_BID |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html | vendor-advisory, x_refsource_SUSE |
| https://usn.ubuntu.com/4192-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://www.debian.org/security/2020/dsa-4712 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:41:09.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1517" }, { "name": "108913", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108913" }, { "name": "openSUSE-SU-2019:1983", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4712" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T11:06:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1517" }, { "name": "108913", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108913" }, { "name": "openSUSE-SU-2019:1983", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4712" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12975", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1517", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1517" }, { "name": "108913", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108913" }, { "name": "openSUSE-SU-2019:1983", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "USN-4192-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "DSA-4712", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4712" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12975", "datePublished": "2019-06-26T17:08:07", "dateReserved": "2019-06-26T00:00:00", "dateUpdated": "2024-08-04T23:41:09.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14607
Vulnerability from cvelistv5
Published
2017-09-20 17:00
Modified
2024-08-05 19:34
Summary
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
References
| URL | Tags |
|---|---|
| https://www.debian.org/security/2017/dsa-4040 | vendor-advisory, x_refsource_DEBIAN |
| https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://www.debian.org/security/2017/dsa-4032 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/ImageMagick/ImageMagick/issues/765 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/100944 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:34:39.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "DSA-4032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4032" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/765" }, { "name": "100944", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100944" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "DSA-4032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4032" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/765" }, { "name": "100944", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100944" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14607", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4040", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "DSA-4032", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4032" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/765", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/765" }, { "name": "100944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100944" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14607", "datePublished": "2017-09-20T17:00:00", "dateReserved": "2017-09-20T00:00:00", "dateUpdated": "2024-08-05T19:34:39.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12140
Vulnerability from cvelistv5
Published
2017-08-02 05:00
Modified
2024-08-05 18:28
Summary
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
References
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://security.gentoo.org/glsa/201711-07 | vendor-advisory, x_refsource_GENTOO |
| http://www.securityfocus.com/bid/100096 | vdb-entry, x_refsource_BID |
| https://github.com/ImageMagick/ImageMagick/issues/533 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:28:16.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "100096", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100096" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/533" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-07T23:06:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "100096", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100096" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/533" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadDCMImage function in coders\\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "100096", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100096" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/533", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/533" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12140", "datePublished": "2017-08-02T05:00:00", "dateReserved": "2017-08-01T00:00:00", "dateUpdated": "2024-08-05T18:28:16.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-19667
Vulnerability from cvelistv5
Published
2020-11-20 00:00
Modified
2024-08-04 14:15
Summary
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:15:27.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1895" }, { "name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html" }, { "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-11T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/ImageMagick/ImageMagick/issues/1895" }, { "name": "[debian-lts-announce] 20210112 [SECURITY] [DLA 2523-1] imagemagick security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html" }, { "name": "[debian-lts-announce] 20230311 [SECURITY] [DLA 3357-1] imagemagick security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-19667", "datePublished": "2020-11-20T00:00:00", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:15:27.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9805
Vulnerability from cvelistv5
Published
2017-03-30 15:00
Modified
2024-08-06 13:55
Summary
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
References
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1343460 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/12/24/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:55:04.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343460" }, { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-24T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-30T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343460" }, { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343460", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343460" }, { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "[oss-security] 20141224 Imagemagick fuzzing bug", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/12/24/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9805", "datePublished": "2017-03-30T15:00:00", "dateReserved": "2016-06-02T00:00:00", "dateUpdated": "2024-08-06T13:55:04.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17914
Vulnerability from cvelistv5
Published
2017-12-26 20:00
Modified
2024-08-05 21:06
Summary
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
References
| URL | Tags |
|---|---|
| https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://github.com/ImageMagick/ImageMagick/issues/908 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html | mailing-list, x_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:49.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/908" }, { "name": "[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-07T23:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/908" }, { "name": "[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/908", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/908" }, { "name": "[debian-lts-announce] 20180101 [SECURITY] [DLA 1227-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17914", "datePublished": "2017-12-26T20:00:00", "dateReserved": "2017-12-26T00:00:00", "dateUpdated": "2024-08-05T21:06:49.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12669
Vulnerability from cvelistv5
Published
2017-08-07 21:00
Modified
2024-08-05 18:43
Summary
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/issues/571 | x_refsource_MISC
https://github.com/ImageMagick/ImageMagick/commit/73b6c35cede48ccb2e29dbe62c2d77488e5e70b7 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/571" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/73b6c35cede48ccb2e29dbe62c2d77488e5e70b7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-08T16:29:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/571" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/73b6c35cede48ccb2e29dbe62c2d77488e5e70b7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/571", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/571" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/73b6c35cede48ccb2e29dbe62c2d77488e5e70b7", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/73b6c35cede48ccb2e29dbe62c2d77488e5e70b7" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12669", "datePublished": "2017-08-07T21:00:00", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-08-05T18:43:56.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8897
Vulnerability from cvelistv5
Published
2017-03-15 19:00
Modified
2024-08-06 08:29
Summary
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
References
URL | Tags
---|---
https://access.redhat.com/errata/RHSA-2016:1237 | vendor-advisory, x_refsource_REDHAT
https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231 | x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | x_refsource_CONFIRM
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/06/02/13 | mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/91030 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2016:1237", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=28466" }, { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "91030", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91030" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2016:1237", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=28466" }, { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "91030", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91030" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8897", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2016:1237", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1237" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "name": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=28466", "refsource": "CONFIRM", "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=28466" }, { "name": "[oss-security] 20160602 Re: ImageMagick CVEs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/02/13" }, { "name": "91030", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91030" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8897", "datePublished": "2017-03-15T19:00:00", "dateReserved": "2016-06-02T00:00:00", "dateUpdated": "2024-08-06T08:29:22.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10051
Vulnerability from cvelistv5
Published
2017-03-23 17:00
Modified
2024-08-06 03:07
Summary
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/95187 | vdb-entry, x_refsource_BID
http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html | vendor-advisory, x_refsource_SUSE
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245 | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html | vendor-advisory, x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1410456 | x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST
https://github.com/ImageMagick/ImageMagick/commit/548701354191a3dda5cffc6d415374b35b01d0b9 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521" }, { "name": "95187", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95187" }, { "name": "openSUSE-SU-2017:0391", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=30245" }, { "name": "openSUSE-SU-2017:0399", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410456" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/548701354191a3dda5cffc6d415374b35b01d0b9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-13T21:29:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521" }, { "name": "95187", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95187" }, { "name": "openSUSE-SU-2017:0391", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=30245" }, { "name": "openSUSE-SU-2017:0399", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410456" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/548701354191a3dda5cffc6d415374b35b01d0b9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of 
service (application crash) or have other unspecified impact via a crafted file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521" }, { "name": "95187", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95187" }, { "name": "openSUSE-SU-2017:0391", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=30245", "refsource": "CONFIRM", "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=30245" }, { "name": "openSUSE-SU-2017:0399", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410456", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410456" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/548701354191a3dda5cffc6d415374b35b01d0b9", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/548701354191a3dda5cffc6d415374b35b01d0b9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10051", "datePublished": "2017-03-23T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-06T03:07:32.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9407
Vulnerability from cvelistv5
Published
2017-06-02 19:00
Modified
2024-09-16 23:41
Summary
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/issues/459 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.424Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/459" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-02T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/459" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/459", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/459" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9407", "datePublished": "2017-06-02T19:00:00Z", "dateReserved": "2017-06-02T00:00:00Z", "dateUpdated": "2024-09-16T23:41:56.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1097
Vulnerability from cvelistv5
Published
2008-03-05 20:00
Modified
2024-08-07 08:08
Summary
Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:08:57.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201311-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201311-10.xml" }, { "name": "28822", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28822" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=285861" }, { "name": "29857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29857" }, { "name": "RHSA-2008:0145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0145.html" }, { "name": "43213", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/43213" }, { "name": "1019881", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019881" }, { "name": "55721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55721" }, { "name": "29786", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29786" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034" }, { "name": "30967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30967" }, { "name": "oval:org.mitre.oval:def:11237", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237" }, { "name": "RHSA-2008:0165", "tags": [ "vendor-advisory", 
"x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0165.html" }, { "name": "SUSE-SR:2008:014", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" }, { "name": "MDVSA-2008:099", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:099" }, { "name": "DSA-1858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1858" }, { "name": "imagemagick-readpcximage-bo(41193)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41193" }, { "name": "36260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201311-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201311-10.xml" }, { "name": "28822", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28822" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=285861" }, { "name": "29857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29857" }, { "name": "RHSA-2008:0145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0145.html" }, { "name": "43213", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/43213" }, { "name": "1019881", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019881" }, { "name": "55721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55721" }, { "name": "29786", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29786" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034" }, { "name": "30967", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30967" }, { "name": "oval:org.mitre.oval:def:11237", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237" }, { "name": "RHSA-2008:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0165.html" }, { "name": "SUSE-SR:2008:014", "tags": [ 
"vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" }, { "name": "MDVSA-2008:099", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:099" }, { "name": "DSA-1858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1858" }, { "name": "imagemagick-readpcximage-bo(41193)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41193" }, { "name": "36260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36260" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the ReadPCXImage function in the PCX coder in coders/pcx.c in (1) ImageMagick 6.2.4-5 and 6.2.8-0 and (2) GraphicsMagick (aka gm) 1.1.7 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted .pcx file that triggers incorrect memory allocation for the scanline array, leading to memory corruption." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201311-10", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201311-10.xml" }, { "name": "28822", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28822" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=285861", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=285861" }, { "name": "29857", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29857" }, { "name": "RHSA-2008:0145", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0145.html" }, { "name": "43213", "refsource": "OSVDB", "url": "http://osvdb.org/43213" }, { "name": "1019881", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019881" }, { "name": "55721", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55721" }, { "name": "29786", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29786" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413034" }, { "name": "30967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30967" }, { "name": "oval:org.mitre.oval:def:11237", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11237" }, { "name": "RHSA-2008:0165", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0165.html" }, { "name": "SUSE-SR:2008:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" }, { "name": "MDVSA-2008:099", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:099" }, { "name": "DSA-1858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1858" }, { "name": 
"imagemagick-readpcximage-bo(41193)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41193" }, { "name": "36260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36260" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1097", "datePublished": "2008-03-05T20:00:00", "dateReserved": "2008-02-28T00:00:00", "dateUpdated": "2024-08-07T08:08:57.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7513
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-06 01:57
Summary
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/93121 | vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/09/22/2 | mailing-list, x_refsource_MLIST
https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723 | x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455 | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1378733 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93121", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93121" }, { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-20T17:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "93121", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93121" }, { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-7513", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "93121", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93121" }, { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832455" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378733", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378733" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-7513", "datePublished": "2017-04-20T18:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1797
Vulnerability from cvelistv5
Published
2007-04-02 22:00
Modified
2024-08-07 13:06
Summary
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:06:26.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23347", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23347" }, { "name": "29857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29857" }, { "name": "GLSA-200705-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200705-13.xml" }, { "name": "RHSA-2008:0145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0145.html" }, { "name": "oval:org.mitre.oval:def:9254", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254" }, { "name": "20070331 Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.foresightlinux.org/browse/FL-222" }, { "name": "24739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24739" }, { "name": "29786", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29786" }, { "name": "1017839", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017839" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.rpath.com/browse/RPL-1205" }, { "name": "USN-481-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" 
], "url": "http://www.ubuntu.com/usn/usn-481-1" }, { "name": "23252", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/23252" }, { "name": "25992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25992" }, { "name": "26177", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26177" }, { "name": "RHSA-2008:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0165.html" }, { "name": "imagemagick-readxwdimage-bo(33377)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33377" }, { "name": "ADV-2007-1200", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/1200" }, { "name": "SUSE-SR:2007:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html" }, { "name": "DSA-1858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1858" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.imagemagick.org/script/changelog.php" }, { "name": "MDKSA-2007:147", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147" }, { "name": "imagemagick-readdcmimage-bo(33376)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33376" }, { "name": "24721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24721" }, { "name": "25072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/25072" }, { "name": "25206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25206" }, { "name": "36260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23347", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23347" }, { "name": "29857", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29857" }, { "name": "GLSA-200705-13", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200705-13.xml" }, { "name": "RHSA-2008:0145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0145.html" }, { "name": "oval:org.mitre.oval:def:9254", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254" }, { "name": "20070331 Multiple Vendor ImageMagick DCM and 
XWD Buffer Overflow Vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.foresightlinux.org/browse/FL-222" }, { "name": "24739", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24739" }, { "name": "29786", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29786" }, { "name": "1017839", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017839" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.rpath.com/browse/RPL-1205" }, { "name": "USN-481-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-481-1" }, { "name": "23252", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/23252" }, { "name": "25992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25992" }, { "name": "26177", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26177" }, { "name": "RHSA-2008:0165", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0165.html" }, { "name": "imagemagick-readxwdimage-bo(33377)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33377" }, { "name": "ADV-2007-1200", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/1200" }, { "name": "SUSE-SR:2007:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html" }, { "name": "DSA-1858", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1858" }, { "tags": [ 
"x_refsource_MISC" ], "url": "http://www.imagemagick.org/script/changelog.php" }, { "name": "MDKSA-2007:147", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147" }, { "name": "imagemagick-readdcmimage-bo(33376)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33376" }, { "name": "24721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24721" }, { "name": "25072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25072" }, { "name": "25206", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25206" }, { "name": "36260", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36260" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23347", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23347" }, { "name": "29857", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29857" }, { "name": "GLSA-200705-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200705-13.xml" }, { "name": "RHSA-2008:0145", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0145.html" }, { "name": "oval:org.mitre.oval:def:9254", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9254" }, { "name": "20070331 Multiple Vendor ImageMagick DCM and XWD Buffer Overflow Vulnerabilities", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=496" }, { "name": "https://issues.foresightlinux.org/browse/FL-222", "refsource": "CONFIRM", "url": "https://issues.foresightlinux.org/browse/FL-222" }, { "name": "24739", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24739" }, { "name": "29786", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29786" }, { "name": "1017839", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017839" }, { "name": "https://issues.rpath.com/browse/RPL-1205", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1205" }, { "name": "USN-481-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-481-1" }, { "name": "23252", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23252" }, { "name": "25992", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25992" }, { "name": "26177", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26177" }, { "name": "RHSA-2008:0165", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0165.html" }, { "name": 
"imagemagick-readxwdimage-bo(33377)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33377" }, { "name": "ADV-2007-1200", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1200" }, { "name": "SUSE-SR:2007:008", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html" }, { "name": "DSA-1858", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1858" }, { "name": "http://www.imagemagick.org/script/changelog.php", "refsource": "MISC", "url": "http://www.imagemagick.org/script/changelog.php" }, { "name": "MDKSA-2007:147", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:147" }, { "name": "imagemagick-readdcmimage-bo(33376)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33376" }, { "name": "24721", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24721" }, { "name": "25072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25072" }, { "name": "25206", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25206" }, { "name": "36260", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36260" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1797", "datePublished": "2007-04-02T22:00:00", "dateReserved": "2007-04-02T00:00:00", "dateUpdated": "2024-08-07T13:06:26.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7519
Vulnerability from cvelistv5
Published
2017-04-19 14:00
Modified
2024-08-06 01:57
Summary
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
References
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1378746 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/09/22/2 | mailing-list, x_refsource_MLIST |
| https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/93131 | vdb-entry, x_refsource_BID |
| https://github.com/ImageMagick/ImageMagick/issues/82 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378746" }, { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445" }, { "name": "93131", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93131" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/82" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-20T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378746" }, { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445" }, { "name": "93131", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93131" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/82" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-7519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1378746", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378746" }, { "name": "[oss-security] 20160922 Re: CVE Requests: Various ImageMagick issues (as reported in the Debian BTS)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/22/2" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445" }, { "name": "93131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93131" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/82", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/82" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-7519", "datePublished": "2017-04-19T14:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11170
Vulnerability from cvelistv5
Published
2017-07-11 20:00
Modified
2024-08-05 17:57
Summary
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
References
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/issues/472 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99565 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:57:58.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/472" }, { "name": "99565", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99565" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadTGAImage function in coders\\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/472" }, { "name": "99565", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99565" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11170", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadTGAImage function in coders\\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/472", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/472" }, { "name": "99565", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99565" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11170", "datePublished": "2017-07-11T20:00:00", "dateReserved": "2017-07-11T00:00:00", "dateUpdated": "2024-08-05T17:57:58.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-11530
Vulnerability from cvelistv5
Published
2017-07-23 03:00
Modified
2024-08-05 18:12
Summary
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
References
| URL | Tags |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821 | x_refsource_CONFIRM |
| https://github.com/ImageMagick/ImageMagick/issues/524 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:12:40.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/524" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-23T02:57:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/524" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/524", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/524" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11530", "datePublished": "2017-07-23T03:00:00", "dateReserved": "2017-07-22T00:00:00", "dateUpdated": "2024-08-05T18:12:40.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12671
Vulnerability from cvelistv5
Published
2017-08-07 21:00
Modified
2024-08-05 18:43
Summary
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://github.com/ImageMagick/ImageMagick/issues/621 | x_refsource_CONFIRM | |
https://www.debian.org/security/2017/dsa-4019 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/621" }, { "name": "DSA-4019", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4019" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-06T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/621" }, { "name": "DSA-4019", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4019" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12671", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory 
in MagickCore/memory.c, which allows attackers to cause a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/621", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/621" }, { "name": "DSA-4019", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4019" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12671", "datePublished": "2017-08-07T21:00:00", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-08-05T18:43:56.627Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15140
Vulnerability from cvelistv5
Published
2019-08-18 18:31
Modified
2024-08-05 00:34
Summary
coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c.
References
▼ | URL | Tags |
---|---|---|
https://github.com/ImageMagick/ImageMagick/issues/1554 | x_refsource_MISC | |
https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4192-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html | vendor-advisory, x_refsource_SUSE | |
https://www.debian.org/security/2020/dsa-4712 | vendor-advisory, x_refsource_DEBIAN | |
https://www.debian.org/security/2020/dsa-4715 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:34:53.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1554" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0" }, { "name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1968-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "openSUSE-SU-2019:2515", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html" }, { "name": "openSUSE-SU-2019:2519", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "DSA-4715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4715" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-03T11:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1554" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0" }, { "name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1968-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "openSUSE-SU-2019:2515", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html" }, { "name": "openSUSE-SU-2019:2519", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "DSA-4715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4715" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15140", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service 
(use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1554", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1554" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0" }, { "name": "[debian-lts-announce] 20191021 [SECURITY] [DLA 1968-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00028.html" }, { "name": "USN-4192-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "openSUSE-SU-2019:2515", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html" }, { "name": "openSUSE-SU-2019:2519", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" }, { "name": "DSA-4712", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "DSA-4715", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4715" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15140", "datePublished": "2019-08-18T18:31:06", "dateReserved": "2019-08-18T00:00:00", "dateUpdated": "2024-08-05T00:34:53.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9556
Vulnerability from cvelistv5
Published
2017-03-23 18:00
Modified
2024-08-06 02:50
Summary
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/94492 | vdb-entry, x_refsource_BID |
https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 | x_refsource_CONFIRM |
https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h | x_refsource_MISC |
http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html | vendor-advisory, x_refsource_SUSE |
http://www.openwall.com/lists/oss-security/2016/11/23/1 | mailing-list, x_refsource_MLIST |
http://www.openwall.com/lists/oss-security/2016/12/02/12 | mailing-list, x_refsource_MLIST |
http://www.openwall.com/lists/oss-security/2016/12/01/4 | mailing-list, x_refsource_MLIST |
https://bugzilla.redhat.com/show_bug.cgi?id=1398198 | x_refsource_CONFIRM |
http://www.debian.org/security/2016/dsa-3726 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:50:38.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94492", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94492" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h" }, { "name": "openSUSE-SU-2016:3024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html" }, { "name": "[oss-security] 20161122 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/23/1" }, { "name": "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/02/12" }, { "name": "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/01/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398198" }, { "name": "DSA-3726", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3726" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", 
"vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-23T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "94492", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94492" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h" }, { "name": "openSUSE-SU-2016:3024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html" }, { "name": "[oss-security] 20161122 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/11/23/1" }, { "name": "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/02/12" }, { "name": "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/01/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1398198" }, { "name": "DSA-3726", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3726" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "94492", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94492" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99" }, { "name": "https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h", "refsource": "MISC", "url": "https://blogs.gentoo.org/ago/2016/11/19/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h" }, { "name": "openSUSE-SU-2016:3024", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00040.html" }, { "name": "[oss-security] 20161122 Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/11/23/1" }, { "name": "[oss-security] 20161202 Re: Re: imagemagick: heap-based buffer overflow in IsPixelGray 
(pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/02/12" }, { "name": "[oss-security] 20161201 imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) (Incomplete fix for CVE-2016-9556)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/01/4" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1398198", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1398198" }, { "name": "DSA-3726", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3726" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9556", "datePublished": "2017-03-23T18:00:00", "dateReserved": "2016-11-22T00:00:00", "dateUpdated": "2024-08-06T02:50:38.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17880
Vulnerability from cvelistv5
Published
2017-12-24 04:00
Modified
2024-08-05 21:06
Summary
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
References
URL | Tags |
---|---|
https://github.com/ImageMagick/ImageMagick/issues/907 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/102317 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:06:49.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/907" }, { "name": "102317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102317" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-23T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-01T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/907" }, { "name": "102317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102317" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/907", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/907" }, { "name": "102317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102317" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17880", "datePublished": "2017-12-24T04:00:00", "dateReserved": "2017-12-23T00:00:00", "dateUpdated": "2024-08-05T21:06:49.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0760
Vulnerability from cvelistv5
Published
2005-03-26 05:00
Modified
2024-08-07 21:28
Summary
The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
References
URL | Tags |
---|---|
http://securitytracker.com/id?1013550 | vdb-entry, x_refsource_SECTRACK |
http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html | vendor-advisory, x_refsource_SUSE |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184 | vdb-entry, signature, x_refsource_OVAL |
https://rhn.redhat.com/errata/RHSA-2005-070.html | vendor-advisory, x_refsource_REDHAT |
http://www.debian.org/security/2005/dsa-702 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:28:27.633Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1013550", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013550" }, { "name": "SUSE-SA:2005:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" }, { "name": "oval:org.mitre.oval:def:11184", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184" }, { "name": "RHSA-2005:070", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2005-070.html" }, { "name": "DSA-702", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-702" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1013550", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013550" }, { "name": "SUSE-SA:2005:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" }, { "name": "oval:org.mitre.oval:def:11184", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184" }, { "name": "RHSA-2005:070", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://rhn.redhat.com/errata/RHSA-2005-070.html" }, { "name": "DSA-702", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-702" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-0760", "datePublished": "2005-03-26T05:00:00", "dateReserved": "2005-03-17T00:00:00", "dateUpdated": "2024-08-07T21:28:27.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8903
Vulnerability from cvelistv5
Published
2017-02-27 22:00
Modified
2024-08-06 08:29
Summary
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
References
URL | Tags |
---|---|
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2015/02/26/13 | mailing-list, x_refsource_MLIST |
https://bugzilla.redhat.com/show_bug.cgi?id=1195271 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2016/06/06/2 | mailing-list, x_refsource_MLIST |
http://trac.imagemagick.org/changeset/17856 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26933" }, { "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195271" }, { "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.imagemagick.org/changeset/17856" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-27T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26933" }, { "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195271" }, { "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.imagemagick.org/changeset/17856" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26933", "refsource": "CONFIRM", "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26933" }, { "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1195271", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195271" }, { "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" }, { "name": "http://trac.imagemagick.org/changeset/17856", "refsource": "CONFIRM", "url": "http://trac.imagemagick.org/changeset/17856" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8903", "datePublished": "2017-02-27T22:00:00", "dateReserved": "2016-06-05T00:00:00", "dateUpdated": "2024-08-06T08:29:22.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12642
Vulnerability from cvelistv5
Published
2017-08-07 15:00
Modified
2024-08-05 18:43
Summary
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
References
URL | Tags |
---|---|
https://github.com/ImageMagick/ImageMagick/issues/552 | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/100159 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/552" }, { "name": "100159", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-07T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\\mpc.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-08T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/552" }, { "name": "100159", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12642", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\\mpc.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/552", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/552" }, { "name": "100159", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100159" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12642", "datePublished": "2017-08-07T15:00:00", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-08-05T18:43:56.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16711
Vulnerability from cvelistv5
Published
2019-09-23 11:45
Modified
2024-08-05 01:17
Summary
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
References
URL | Tags |
---|---|
https://github.com/ImageMagick/ImageMagick/issues/1542 | x_refsource_MISC |
https://usn.ubuntu.com/4192-1/ | vendor-advisory, x_refsource_UBUNTU |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html | vendor-advisory, x_refsource_SUSE |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html | vendor-advisory, x_refsource_SUSE |
https://www.debian.org/security/2020/dsa-4712 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:17:41.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1542" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "openSUSE-SU-2019:2515", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html" }, { "name": "openSUSE-SU-2019:2519", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4712" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-01T11:06:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1542" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "openSUSE-SU-2019:2515", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html" }, { "name": "openSUSE-SU-2019:2519", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4712" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1542", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1542" }, { "name": "USN-4192-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "openSUSE-SU-2019:2515", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00040.html" }, { "name": "openSUSE-SU-2019:2519", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" }, { "name": "DSA-4712", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4712" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16711", "datePublished": "2019-09-23T11:45:51", "dateReserved": "2019-09-23T00:00:00", "dateUpdated": "2024-08-05T01:17:41.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10059
Vulnerability from cvelistv5
Published
2017-03-23 17:00
Modified
2024-08-06 03:07
Summary
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/95206 | vdb-entry, x_refsource_BID |
https://bugzilla.redhat.com/show_bug.cgi?id=1410469 | x_refsource_CONFIRM |
http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html | vendor-advisory, x_refsource_SUSE |
https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95206", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95206" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410469" }, { "name": "openSUSE-SU-2017:0391", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-24T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95206", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95206" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410469" }, { "name": "openSUSE-SU-2017:0391", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10059", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95206", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95206" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410469", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410469" }, { "name": "openSUSE-SU-2017:0391", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10059", "datePublished": "2017-03-23T17:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-06T03:07:32.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27752
Vulnerability from cvelistv5
Published
2020-12-08 21:57
Modified
2024-08-04 16:18
Summary
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
References
URL | Tags
---|---
https://bugzilla.redhat.com/show_bug.cgi?id=1894226 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
n/a | ImageMagick | prior to 7.0.9-0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894226" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ImageMagick", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to 7.0.9-0" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122-\u003eCWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-08T21:57:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894226" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-27752", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ImageMagick", "version": { "version_data": [ { "version_value": "prior to 7.0.9-0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. 
This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122-\u003eCWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894226", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894226" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-27752", "datePublished": "2020-12-08T21:57:16", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:18:45.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11597
Vulnerability from cvelistv5
Published
2019-04-29 15:05
Modified
2024-08-04 22:55
Summary
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.
References
URL | Tags
---|---
https://github.com/ImageMagick/ImageMagick/issues/1555 | x_refsource_MISC
http://www.securityfocus.com/bid/108102 | vdb-entry, x_refsource_BID
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4034-1/ | vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html | vendor-advisory, x_refsource_SUSE
https://www.debian.org/security/2020/dsa-4712 | vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html | mailing-list, x_refsource_MLIST
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:41.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1555" }, { "name": "108102", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108102" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "USN-4034-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4034-1/" }, { "name": "openSUSE-SU-2019:1683", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html" }, { "name": "openSUSE-SU-2019:1795", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via 
a crafted image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-08-19T01:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1555" }, { "name": "108102", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108102" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "USN-4034-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4034-1/" }, { "name": "openSUSE-SU-2019:1683", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html" }, { "name": "openSUSE-SU-2019:1795", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In 
ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1555", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1555" }, { "name": "108102", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108102" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "USN-4034-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4034-1/" }, { "name": "openSUSE-SU-2019:1683", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html" }, { "name": "openSUSE-SU-2019:1795", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00043.html" }, { "name": "DSA-4712", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11597", "datePublished": "2019-04-29T15:05:54", "dateReserved": "2019-04-29T00:00:00", "dateUpdated": "2024-08-04T22:55:41.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-13758
Vulnerability from cvelistv5
Published
2017-08-29 23:00
Modified
2024-08-05 19:05
Summary
In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
References
URL | Tags
---|---
https://www.debian.org/security/2017/dsa-4040 | vendor-advisory, x_refsource_DEBIAN
https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583 | x_refsource_CONFIRM
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/201711-07 | vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2017/dsa-4032 | vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1039246 | vdb-entry, x_refsource_SECTRACK
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:05:20.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4040" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=32583" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "DSA-4032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2017/dsa-4032" }, { "name": "1039246", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1039246" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-29T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4040", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4040" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=32583" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "DSA-4032", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2017/dsa-4032" }, { "name": "1039246", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1039246" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-13758", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4040", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4040" }, { "name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=32583", "refsource": "CONFIRM", "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=32583" }, { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "GLSA-201711-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-07" }, { "name": "DSA-4032", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-4032" }, { "name": "1039246", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039246" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-13758", "datePublished": "2017-08-29T23:00:00", "dateReserved": "2017-08-29T00:00:00", "dateUpdated": "2024-08-05T19:05:20.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3195
Vulnerability from cvelistv5
Published
2023-06-16 00:00
Modified
2024-12-03 16:24
Summary
A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | ImageMagick | Fixed in ImageMagick 6.9.12-26, ImageMagick 7.1.0-11
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:48:08.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214141" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/29/1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-3195" }, { "name": "FEDORA-2023-27548af422", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/" }, { "name": "FEDORA-2023-edbdccae2a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-3195", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-03T16:23:59.631518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T16:24:31.268Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "ImageMagick", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in ImageMagick 6.9.12-26, ImageMagick 7.1.0-11" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow issue was found in ImageMagick\u0027s 
coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 - Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-31T02:07:15.420160", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214141" }, { "url": "https://www.openwall.com/lists/oss-security/2023/05/29/1" }, { "url": "https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023" }, { "url": "https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3195" }, { "name": "FEDORA-2023-27548af422", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45DUUXYMAEEAW55GSLAXN25VPKCRAIDA/" }, { "name": "FEDORA-2023-edbdccae2a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-3195", "datePublished": "2023-06-16T00:00:00", "dateReserved": "2023-06-12T00:00:00", "dateUpdated": "2024-12-03T16:24:31.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3718
Vulnerability from cvelistv5
Published
2016-05-05 18:00
Modified
2025-02-07 13:27
Summary
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:03:34.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog" }, { "name": "openSUSE-SU-2016:1266", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588" }, { "name": "openSUSE-SU-2016:1326", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html" }, { "name": "USN-2990-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2990-1" }, { "name": "openSUSE-SU-2016:1261", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html" }, { "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded" }, { "name": "39767", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/39767/" }, { "name": "SUSE-SU-2016:1260", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html" }, { "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", 
"tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18" }, { "name": "GLSA-201611-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201611-21" }, { "name": "SUSE-SU-2016:1275", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html" }, { "name": "SSA:2016-132-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.imagemagick.org/script/changelog.php" }, { "name": "DSA-3580", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3580" }, { "name": "RHSA-2016:0726", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2016-3718", "options": [ { "Exploitation": 
"active" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-07T13:27:43.837440Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3718" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-07T13:27:56.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-05-03T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.imagemagick.org/repos/ImageMagick/blob/a01518e08c840577cabd7d3ff291a9ba735f7276/ChangeLog" }, { "name": "openSUSE-SU-2016:1266", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=4\u0026t=29588" }, { "name": "openSUSE-SU-2016:1326", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html" }, { "name": "USN-2990-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2990-1" }, { "name": "openSUSE-SU-2016:1261", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html" }, { "name": "20160513 May 2016 - HipChat Server - Critical Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/538378/100/0/threaded" }, { "name": "39767", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/39767/" }, { "name": "SUSE-SU-2016:1260", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html" }, { "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "[oss-security] 20160504 Re: ImageMagick Is On Fire -- CVE-2016-3714", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/05/03/18" }, { "name": "GLSA-201611-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201611-21" }, { "name": "SUSE-SU-2016:1275", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html" }, { "name": "SSA:2016-132-01", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.440568" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.imagemagick.org/script/changelog.php" }, { "name": "DSA-3580", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3580" }, { "name": "RHSA-2016:0726", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0726.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-3718", "datePublished": "2016-05-05T18:00:00.000Z", "dateReserved": "2016-03-30T00:00:00.000Z", "dateUpdated": "2025-02-07T13:27:56.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18273
Vulnerability from cvelistv5
Published
2018-05-18 19:00
Modified
2024-08-05 21:13
Summary
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.
References
URL | Tags | |
---|---|---|
https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/ImageMagick/ImageMagick/issues/910 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:49.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/910" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-07T23:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" }, { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/910" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18273", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" }, { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/910", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/910" }, { "name": "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html" }, { "name": "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18273", "datePublished": "2018-05-18T19:00:00", "dateReserved": "2018-05-18T00:00:00", "dateUpdated": "2024-08-05T21:13:49.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16750
Vulnerability from cvelistv5
Published
2018-09-09 15:00
Modified
2024-08-05 10:32
Summary
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
References
URL | Tags | |
---|---|---|
https://github.com/ImageMagick/ImageMagick/issues/1118 | x_refsource_MISC | |
https://usn.ubuntu.com/3785-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/108492 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:53.995Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1118" }, { "name": "USN-3785-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3785-1/" }, { "name": "108492", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108492" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-09T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-05-29T09:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1118" }, { "name": "USN-3785-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3785-1/" }, { "name": "108492", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108492" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16750", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-29 and 
earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1118", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1118" }, { "name": "USN-3785-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3785-1/" }, { "name": "108492", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108492" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16750", "datePublished": "2018-09-09T15:00:00", "dateReserved": "2018-09-09T00:00:00", "dateUpdated": "2024-08-05T10:32:53.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7470
Vulnerability from cvelistv5
Published
2018-02-25 07:00
Modified
2024-08-05 06:31
Summary
An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
References
URL | Tags | |
---|---|---|
https://github.com/ImageMagick/ImageMagick/issues/998 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/998" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-25T07:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/998" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/998", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/998" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7470", "datePublished": "2018-02-25T07:00:00", "dateReserved": "2018-02-25T00:00:00", "dateUpdated": "2024-08-05T06:31:03.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13304
Vulnerability from cvelistv5
Published
2019-07-05 00:53
Modified
2024-08-04 23:49
Summary
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
References
URL | Tags | |
---|---|---|
https://github.com/ImageMagick/ImageMagick/issues/1614 | x_refsource_MISC | |
https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241 | x_refsource_MISC | |
https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4192-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2020/dsa-4712 | vendor-advisory, x_refsource_DEBIAN | |
https://www.debian.org/security/2020/dsa-4715 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:49:24.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1614" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e" }, { "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html" }, { "name": "openSUSE-SU-2019:1983", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "DSA-4715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4715" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-03T11:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1614" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e" }, { "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html" }, { "name": "openSUSE-SU-2019:1983", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "USN-4192-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "DSA-4712", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "DSA-4715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4715" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/issues/1614", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1614" }, { "name": "https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e" }, { "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html" }, { "name": "openSUSE-SU-2019:1983", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00069.html" }, { "name": "USN-4192-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4192-1/" }, { "name": "DSA-4712", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4712" }, { "name": "DSA-4715", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4715" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13304", "datePublished": "2019-07-05T00:53:10", "dateReserved": "2019-07-04T00:00:00", "dateUpdated": "2024-08-04T23:49:24.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14343
Vulnerability from cvelistv5
Published
2017-09-12 17:00
Modified
2024-08-05 19:20
Summary
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/ImageMagick/ImageMagick/issues/649 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:20:41.651Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/649" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/649" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14343", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/649", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/649" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14343", "datePublished": "2017-09-12T17:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-08-05T19:20:41.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5247
Vulnerability from cvelistv5
Published
2018-01-05 19:00
Modified
2024-08-05 05:33
Summary
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3681-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/ImageMagick/ImageMagick/issues/928 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:42.720Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/928" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-06-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3681-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3681-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/928" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3681-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3681-1/" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/928", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/928" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5247", "datePublished": "2018-01-05T19:00:00", "dateReserved": "2018-01-05T00:00:00", "dateUpdated": "2024-08-05T05:33:42.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8900
Vulnerability from cvelistv5
Published
2017-02-27 22:00
Modified
2024-08-06 08:29
Summary
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/02/26/13 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/06/06/2 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=1195260 | x_refsource_CONFIRM | |
https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6 | x_refsource_CONFIRM | |
http://trac.imagemagick.org/changeset/17846 | x_refsource_CONFIRM | |
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929 | x_refsource_CONFIRM | |
http://trac.imagemagick.org/changeset/17845 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" }, { "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195260" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.imagemagick.org/changeset/17846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26929" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://trac.imagemagick.org/changeset/17845" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-27T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" }, { "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195260" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.imagemagick.org/changeset/17846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26929" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://trac.imagemagick.org/changeset/17845" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20150226 Requesting CVE for ImageMagick DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/02/26/13" }, { "name": "[oss-security] 20160606 Re: Requesting CVE for ImageMagick DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/06/06/2" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1195260", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195260" }, { "name": "https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6" }, { "name": "http://trac.imagemagick.org/changeset/17846", "refsource": "CONFIRM", "url": "http://trac.imagemagick.org/changeset/17846" }, { "name": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26929", "refsource": "CONFIRM", "url": "http://www.imagemagick.org/discourse-server/viewtopic.php?f=3\u0026t=26929" }, { "name": "http://trac.imagemagick.org/changeset/17845", "refsource": "CONFIRM", "url": "http://trac.imagemagick.org/changeset/17845" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8900", "datePublished": "2017-02-27T22:00:00", "dateReserved": "2016-06-05T00:00:00", "dateUpdated": "2024-08-06T08:29:22.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16645
Vulnerability from cvelistv5
Published
2018-09-06 22:00
Modified
2024-08-05 10:32
Summary
There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
References
URL | Tags | |
---|---|---|
https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html | mailing-list, x_refsource_MLIST | |
https://github.com/ImageMagick/ImageMagick/issues/1268 | x_refsource_MISC | |
https://www.debian.org/security/2018/dsa-4316 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3785-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/4034-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:32:53.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1268" }, { "name": "DSA-4316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4316" }, { "name": "USN-3785-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3785-1/" }, { "name": "USN-4034-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4034-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-25T14:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/1268" }, { "name": "DSA-4316", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4316" }, { "name": "USN-3785-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3785-1/" }, { "name": "USN-4034-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4034-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832" }, { "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/1268", "refsource": "MISC", "url": "https://github.com/ImageMagick/ImageMagick/issues/1268" }, { "name": "DSA-4316", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4316" }, { "name": "USN-3785-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3785-1/" }, { "name": "USN-4034-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4034-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16645", "datePublished": "2018-09-06T22:00:00", "dateReserved": "2018-09-06T00:00:00", "dateUpdated": "2024-08-05T10:32:53.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10062
Vulnerability from cvelistv5
Published
2017-03-02 21:00
Modified
2024-08-06 03:07
Summary
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/95209 | vdb-entry, x_refsource_BID |
http://www.debian.org/security/2017/dsa-3799 | vendor-advisory, x_refsource_DEBIAN |
https://github.com/ImageMagick/ImageMagick/issues/196 | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2016/12/26/9 | mailing-list, x_refsource_MLIST |
https://bugzilla.redhat.com/show_bug.cgi?id=1410473 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:32.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95209", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95209" }, { "name": "DSA-3799", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3799" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/196" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410473" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95209", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95209" }, { "name": "DSA-3799", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3799" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/ImageMagick/ImageMagick/issues/196" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410473" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10062", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95209" }, { "name": "DSA-3799", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3799" }, { "name": "https://github.com/ImageMagick/ImageMagick/issues/196", "refsource": "CONFIRM", "url": "https://github.com/ImageMagick/ImageMagick/issues/196" }, { "name": "[oss-security] 20161226 Re: CVE requests for various ImageMagick issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/26/9" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1410473", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1410473" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10062", "datePublished": "2017-03-02T21:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2024-08-06T03:07:32.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27751
Vulnerability from cvelistv5
Published
2020-12-08 00:00
Modified
2024-08-04 16:18
Summary
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shift exponent that is too large for 64-bit type. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
References
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | ImageMagick | prior to 7.0.9-0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:18:45.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [