Vulnerabilities for 'Imagemagick'

2017-11-05
 
CVE-2017-16546

 

 
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.

 
2017-10-12
 
CVE-2017-15281

 

 
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

 
 
CVE-2017-15277

 

 
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

 
2017-10-10
 
CVE-2017-15218

 

 
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

 
 
CVE-2017-15217

 

 
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.

 
2017-10-05
 
CVE-2017-15033

 

 
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.

 
 
CVE-2017-15032

CWE-79
 

 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly to obtain sensitive information. IBM X-Force ID: 129578.

 
2017-10-04
 
CVE-2017-15017

 

 
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.

 
 
CVE-2017-15016

 

 
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.

 
 
CVE-2017-15015

 

 
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.

 


Copyright 2017, cxsecurity.com

 
