VYPR

Ubuntu Linux

by Canonical

CVEs (1,886)

  • CVE-2017-14342MedSep 12, 2017
    risk 0.42cvss 6.5epss 0.01

    ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.

  • CVE-2017-14341MedSep 12, 2017
    risk 0.42cvss 6.5epss 0.02

    ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.

  • CVE-2017-14326MedSep 12, 2017
    risk 0.42cvss 6.5epss 0.01

    In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-14325MedSep 12, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.

  • CVE-2017-14175MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is…

  • CVE-2017-14174MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14173MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted…

  • CVE-2017-14172MedSep 7, 2017
    risk 0.42cvss 6.5epss 0.02

    In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the…

  • CVE-2017-12693MedSep 1, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.

  • CVE-2017-12692MedSep 1, 2017
    risk 0.42cvss 6.5epss 0.03

    The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.

  • CVE-2017-12691MedSep 1, 2017
    risk 0.42cvss 6.5epss 0.02

    The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

  • CVE-2017-14060MedAug 31, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a…

  • CVE-2017-13769MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.01

    The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.

  • CVE-2017-13768MedAug 30, 2017
    risk 0.42cvss 6.5epss 0.02

    Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.

  • CVE-2017-12877MedAug 28, 2017
    risk 0.42cvss 6.5epss 0.02

    Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2017-13145MedAug 23, 2017
    risk 0.42cvss 6.5epss 0.02

    In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.

  • CVE-2016-6796HigAug 11, 2017
    risk 0.42cvss 7.5epss 0.08

    A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

  • CVE-2016-6797HigAug 10, 2017
    risk 0.42cvss 7.5epss 0.08

    The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.…

  • CVE-2017-11683MedJul 27, 2017
    risk 0.42cvss 6.5epss 0.03

    There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.

  • CVE-2015-5219HigJul 21, 2017
    risk 0.42cvss 7.5epss 0.06

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Page 24 of 95