CVE & Exploit Intelligence Database

CVE-2019-13309 6.5 MEDIUM 2 Writeups EPSS 0.00

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.

CWE-401 Jul 05, 2019

CVE-2019-13301 6.5 MEDIUM 1 Writeup EPSS 0.00

ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.

CWE-401 Jul 05, 2019

CVE-2019-13296 6.5 MEDIUM 1 Writeup EPSS 0.00

ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.

CWE-401 Jul 05, 2019

CVE-2019-13137 6.5 MEDIUM 2 Writeups EPSS 0.02

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.

CWE-401 Jul 01, 2019

CVE-2019-13134 5.5 MEDIUM 1 Writeup EPSS 0.00

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.

CWE-401 Jul 01, 2019

CVE-2019-13133 5.5 MEDIUM 1 Writeup EPSS 0.00

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.

CWE-401 Jul 01, 2019

CVE-2019-12976 5.5 MEDIUM EPSS 0.00

ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.

CWE-401 Jun 26, 2019

CVE-2019-12975 5.5 MEDIUM EPSS 0.00

ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.

CWE-401 Jun 26, 2019

CVE-2019-12379 5.5 MEDIUM EPSS 0.00

An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue

CWE-401 May 28, 2019

CVE-2019-1708 8.6 HIGH EPSS 0.01

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.

CWE-401 May 03, 2019

CVE-2019-11463 5.5 MEDIUM 1 Writeup EPSS 0.00

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

CWE-401 Apr 23, 2019

CVE-2019-6493 5.5 MEDIUM EPSS 0.00

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC0 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.

CWE-401 Apr 11, 2019

CVE-2019-3837 6.1 MEDIUM EPSS 0.00

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.

CWE-401 Apr 11, 2019

CVE-2019-11010 6.5 MEDIUM EPSS 0.01

In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

CWE-401 Apr 08, 2019

CVE-2019-10649 5.5 MEDIUM EPSS 0.00

In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

CWE-401 Mar 30, 2019

CVE-2019-6608 5.9 MEDIUM EPSS 0.01

On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, the snmpd daemon may leak memory on a multi-blade BIG-IP vCMP guest when processing authorized SNMP requests.

CWE-401 Mar 28, 2019

CVE-2019-6606 4.3 MEDIUM EPSS 0.00

On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0.0-14.0.0.2, when processing certain SNMP requests with a request-id of 0, the snmpd process may leak a small amount of memory.

CWE-401 Mar 28, 2019

CVE-2019-1000031 7.5 HIGH EPSS 0.02

A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in.

CWE-401 Mar 27, 2019

CVE-2019-9857 5.5 MEDIUM EPSS 0.00

In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.

CWE-401 Mar 21, 2019

CVE-2019-6492 5.5 MEDIUM EPSS 0.00

SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.

CWE-401 Mar 21, 2019