Cristy

204 exploits Active since Dec 2016
CVE-2017-12663 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-2 - Memory Leak in WriteMAPImage
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
CVSS 8.8
CVE-2017-12664 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-2 - Memory Leak in WritePALMImage
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
CVSS 8.8
CVE-2017-12665 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-2 - Memory Leak in WritePICTImage
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
CVSS 8.8
CVE-2017-12666 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-2 - Memory Leak in WriteINLINEImage
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
CVSS 8.8
CVE-2017-12667 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-1 - Memory Leak in ReadMATImage
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
CVSS 8.8
CVE-2017-12668 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-2 - Memory Leak in WritePCXImage
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVSS 8.8
CVE-2017-12669 WRITEUP HIGH WRITEUP
ImageMagick 7.0.6-2 - Memory Leak in WriteCALSImage
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
CVSS 8.8
CVE-2017-12876 WRITEUP MEDIUM WRITEUP
ImageMagick 7.0.0-0-7.0.6-6 - Heap-based Buffer Overflow in enhance.c
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVSS 6.5
CVE-2017-12877 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.9-6 - Use-After-Free in DestroyImage Function
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
CVSS 6.5
CVE-2017-13142 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.9-0 and 7.x < 7.0.6-1 - Denial of Service via Crafted PNG File
In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files.
CVSS 6.5
CVE-2017-13143 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.7-6 and 7.x < 7.0.4-6 - Information Disclosure via Uninitialized Memory in ReadMATImage
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
CVSS 7.5
CVE-2017-13145 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.8-8 and 7.x < 7.0.5-9 - Denial of Service via JP2 Channel Geometry Validation
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash.
CVSS 6.5
CVE-2017-13146 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.8-5 and 7.x < 7.0.5-6 - Memory Leak in ReadMATImage
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
CVSS 8.8
CVE-2017-13658 WRITEUP MEDIUM WRITEUP
ImageMagick < 6.9.9-3 and 7.x < 7.0.6-3 - Denial of Service via Missing NULL Check in ReadMATImage
In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c.
CVSS 6.5
CVE-2017-14172 WRITEUP MEDIUM WRITEUP
ImageMagick 7.0.7-0 Q16 - Denial of Service via Crafted PSD File
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 6.5
CVE-2017-14173 WRITEUP MEDIUM WRITEUP
ImageMagick 7.0.6-10 - Buffer Overflow
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
CVSS 6.5
CVE-2017-14174 WRITEUP MEDIUM WRITEUP
ImageMagick 7.0.7-0 Q16 - Denial of Service via Crafted PSD File
In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 6.5
CVE-2017-14175 WRITEUP MEDIUM WRITEUP
ImageMagick 7.0.6-1 Q16 - Denial of Service via Crafted XBM File
In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
CVSS 6.5
CVE-2017-14341 WRITEUP MEDIUM WRITEUP
ImageMagick 7.0.6-6 - Uncontrolled Resource Consumption via Crafted WPG Image
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
CVSS 6.5
CVE-2017-16546 WRITEUP HIGH WRITEUP
ImageMagick - Denial of Service via Malformed WPG File Colormap Index
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
CVSS 8.8
CVE-2017-5506 WRITEUP HIGH WRITEUP
ImageMagick - Double Free in magick/profile.c
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
CVSS 7.8
CVE-2017-5507 WRITEUP HIGH WRITEUP
ImageMagick - Memory Leak in MPC Coder
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVSS 7.5
CVE-2017-5508 WRITEUP MEDIUM WRITEUP
ImageMagick - Heap-based Buffer Overflow in PushQuantumPixel via Crafted TIFF File
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVSS 5.5
CVE-2017-5509 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.7-4 - Out-of-bounds Write via PSD File
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS 7.8
CVE-2017-5510 WRITEUP HIGH WRITEUP
ImageMagick < 6.9.7-4 - Out-of-bounds Write via Crafted PSD File
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.
CVSS 7.8