Vendor CVEs
Canonical
All CVEs
2,026 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-7447 | Med | 0.43 | 6.5 | 0.05 | Feb 17, 2016 | Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image… | ||
| CVE-2014-1523 | Med | 0.43 | 6.5 | 0.03 | Apr 30, 2014 | Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG… | ||
| CVE-2011-2501 | Med | 0.43 | 6.5 | 0.03 | Jul 17, 2011 | The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during… | ||
| CVE-2010-0629 | Med | 0.43 | 6.5 | 0.05 | Apr 7, 2010 | Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. | ||
| CVE-2017-17934 | Med | 0.42 | 6.5 | 0.03 | Dec 27, 2017 | ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. | ||
| CVE-2017-17914 | Med | 0.42 | 6.5 | 0.02 | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. | ||
| CVE-2017-17887 | Med | 0.42 | 6.5 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. | ||
| CVE-2017-17886 | Med | 0.42 | 6.5 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. | ||
| CVE-2017-17885 | Med | 0.42 | 6.5 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. | ||
| CVE-2017-17884 | Med | 0.42 | 6.5 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. | ||
| CVE-2017-17882 | Med | 0.42 | 6.5 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. | ||
| CVE-2017-17881 | Med | 0.42 | 6.5 | 0.01 | Dec 27, 2017 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. | ||
| CVE-2017-17682 | Med | 0.42 | 6.5 | 0.03 | Dec 14, 2017 | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | ||
| CVE-2017-17681 | Med | 0.42 | 6.5 | 0.03 | Dec 14, 2017 | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | ||
| CVE-2017-17680 | Med | 0.42 | 6.5 | 0.02 | Dec 14, 2017 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | ||
| CVE-2017-17504 | Med | 0.42 | 6.5 | 0.02 | Dec 11, 2017 | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | ||
| CVE-2016-1252 | Med | 0.42 | 5.9 | 0.07 | Dec 5, 2017 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a… | ||
| CVE-2017-15218 | Med | 0.42 | 6.5 | 0.02 | Oct 10, 2017 | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | ||
| CVE-2017-15217 | Med | 0.42 | 6.5 | 0.02 | Oct 10, 2017 | ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | ||
| CVE-2017-14633 | Med | 0.42 | 6.5 | 0.02 | Sep 21, 2017 | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | ||
| CVE-2017-14533 | Med | 0.42 | 6.5 | 0.02 | Sep 18, 2017 | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | ||
| CVE-2017-14531 | Med | 0.42 | 6.5 | 0.02 | Sep 18, 2017 | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | ||
| CVE-2017-14343 | Med | 0.42 | 6.5 | 0.01 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | ||
| CVE-2017-14342 | Med | 0.42 | 6.5 | 0.01 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | ||
| CVE-2017-14341 | Med | 0.42 | 6.5 | 0.02 | Sep 12, 2017 | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | ||
| CVE-2017-14326 | Med | 0.42 | 6.5 | 0.01 | Sep 12, 2017 | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-14325 | Med | 0.42 | 6.5 | 0.02 | Sep 12, 2017 | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. | ||
| CVE-2017-14175 | Med | 0.42 | 6.5 | 0.02 | Sep 7, 2017 | In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is… | ||
| CVE-2017-14174 | Med | 0.42 | 6.5 | 0.02 | Sep 7, 2017 | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is… | ||
| CVE-2017-14173 | Med | 0.42 | 6.5 | 0.02 | Sep 7, 2017 | In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted… | ||
| CVE-2017-14172 | Med | 0.42 | 6.5 | 0.02 | Sep 7, 2017 | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the… | ||
| CVE-2017-12693 | Med | 0.42 | 6.5 | 0.03 | Sep 1, 2017 | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | ||
| CVE-2017-12692 | Med | 0.42 | 6.5 | 0.03 | Sep 1, 2017 | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | ||
| CVE-2017-12691 | Med | 0.42 | 6.5 | 0.02 | Sep 1, 2017 | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | ||
| CVE-2017-14060 | Med | 0.42 | 6.5 | 0.02 | Aug 31, 2017 | In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a… | ||
| CVE-2017-13769 | Med | 0.42 | 6.5 | 0.01 | Aug 30, 2017 | The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | ||
| CVE-2017-13768 | Med | 0.42 | 6.5 | 0.02 | Aug 30, 2017 | Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | ||
| CVE-2017-12877 | Med | 0.42 | 6.5 | 0.02 | Aug 28, 2017 | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-13145 | Med | 0.42 | 6.5 | 0.02 | Aug 23, 2017 | In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | ||
| CVE-2016-6796 | Hig | 0.42 | 7.5 | 0.08 | Aug 11, 2017 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | ||
| CVE-2016-6797 | Hig | 0.42 | 7.5 | 0.08 | Aug 10, 2017 | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.… | ||
| CVE-2017-11683 | Med | 0.42 | 6.5 | 0.03 | Jul 27, 2017 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | ||
| CVE-2015-5219 | Hig | 0.42 | 7.5 | 0.06 | Jul 21, 2017 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | ||
| CVE-2015-5195 | Hig | 0.42 | 7.5 | 0.07 | Jul 21, 2017 | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | ||
| CVE-2015-5194 | Hig | 0.42 | 7.5 | 0.06 | Jul 21, 2017 | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | ||
| CVE-2017-11352 | Med | 0.42 | 6.5 | 0.02 | Jul 17, 2017 | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. | ||
| CVE-2017-9815 | Med | 0.42 | 6.5 | 0.02 | Jun 22, 2017 | In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file. | ||
| CVE-2017-9404 | Med | 0.42 | 6.5 | 0.01 | Jun 2, 2017 | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-9403 | Med | 0.42 | 6.5 | 0.01 | Jun 2, 2017 | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-9239 | Med | 0.42 | 6.5 | 0.03 | May 26, 2017 | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this… |
- risk 0.43cvss 6.5epss 0.05
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image…
- risk 0.43cvss 6.5epss 0.03
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG…
- risk 0.43cvss 6.5epss 0.03
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during…
- risk 0.43cvss 6.5epss 0.05
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
- risk 0.42cvss 6.5epss 0.03
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
- risk 0.42cvss 6.5epss 0.03
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
- risk 0.42cvss 6.5epss 0.02
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
- risk 0.42cvss 5.9epss 0.07
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a…
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
- risk 0.42cvss 6.5epss 0.02
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.
- risk 0.42cvss 6.5epss 0.01
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
- risk 0.42cvss 6.5epss 0.01
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
- risk 0.42cvss 6.5epss 0.02
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
- risk 0.42cvss 6.5epss 0.01
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is…
- risk 0.42cvss 6.5epss 0.02
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is…
- risk 0.42cvss 6.5epss 0.02
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted…
- risk 0.42cvss 6.5epss 0.02
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the…
- risk 0.42cvss 6.5epss 0.03
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
- risk 0.42cvss 6.5epss 0.03
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
- risk 0.42cvss 6.5epss 0.02
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a…
- risk 0.42cvss 6.5epss 0.01
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
- risk 0.42cvss 6.5epss 0.02
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
- risk 0.42cvss 6.5epss 0.02
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
- risk 0.42cvss 7.5epss 0.08
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
- risk 0.42cvss 7.5epss 0.08
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application.…
- risk 0.42cvss 6.5epss 0.03
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
- risk 0.42cvss 7.5epss 0.06
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
- risk 0.42cvss 7.5epss 0.07
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
- risk 0.42cvss 7.5epss 0.06
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
- risk 0.42cvss 6.5epss 0.02
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
- risk 0.42cvss 6.5epss 0.01
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.01
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.42cvss 6.5epss 0.03
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this…
Page 10 of 41