The vulnerability of the `ApplyEvaluateOperator()` function in the `/MagickCore/statistic.c` file of the ImageMagick console graphics editor allows a malicious actor to cause a service failure by exploiting a numerical overflow condition.

The vulnerability of the ApplyEvaluateOperator function in the /MagickCore/statistic.c file of the ImageMagick console graphics editor allows for integer overflow of values. Exploiting this vulnerability enables a remote attacker to cause a service failure using a specially created file...

Cross site scripting

TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explainfirst and againexplain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scriptin...

TinyShop 跨站脚本漏洞

TinyShop is a software application. A free and open source mall with basic sales functionality based on RageFrame2. A security vulnerability exists in TinyShop 1.2.0, which originates in the explainfirst and attributeexplain parameters of /evaluate/index.php...

The vulnerability of the ESIExpression::Evaluate function in the Squid proxy server lies in the fact that it allows the output of operations within acceptable data buffer limits. This enables attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the ESIExpression::Evaluate function of the Squid proxy server is related to the execution of operations within acceptable data buffer limits. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service...

DEBIAN-CVE-2020-27764

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...

GHSA-P7W2-MC6M-MFX2 Malicious Package in scroool

Version 0.1.7 of scroool contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate your...

Malicious Package in slush-fullstack-framework

Version 0.9.2 of slush-fullstack-framework contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It'...

Malicious Package in radicjs

Version 0.2.1 of radicjs contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate your...

Malicious Package in pm-controls

Version 1.1.8 of pm-controls contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate yo...

GHSA-76WF-2XCF-6WMX Malicious Package in ngx-pica

Version 1.1.5 of ngx-pica contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate your...

GHSA-3CJV-4PHW-GVVV Malicious Package in getcookies

The getcookies module contained a backdoor that would allow for a remote attacker to execute arbitrary commands on the system running the malicious module. Recommendation This module should be uninstalled if found used within an application. In addition to removing the installed module, you will...

OSV-2020-1308 Heap-use-after-free in Interpreter::evaluate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15846 Crash type: Heap-use-after-free READ 4 Crash state: Interpreter::evaluate Interpreter::manifestJson Interpreter::evaluate...

MGASA-2020-0275 Updated perl-YAML packages fix security vulnerability

Updated perl-YAML package fixes security vulnerability: This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob feature you would be able to set the variable $YAML::LoadCode from a YAML file, and that would be a security issue. The...

squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow

A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow...

CVE-2019-13307

A heap-based buffer overflow was discovered in ImageMagick in the way it parses images when using the evaluate-sequence option. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to...

ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows

A heap-based buffer overflow was discovered in ImageMagick in the way it parses images when using the evaluate-sequence option. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to...

CVE-2019-13300

A heap-based buffer overflow was discovered in ImageMagick in the way it applies a value with arithmetic, relational, or logical operators to an image due to mishandling columns. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence...

jsonnet/convert_jsonnet_fuzzer: Use-of-uninitialized-value in Interpreter::evaluate

Detailed report: https://oss-fuzz.com/testcase?key=5766210858254336 Project: jsonnet Fuzzer: libFuzzerjsonnetconvertjsonnetfuzzer Fuzz target binary: convertjsonnetfuzzer Job Type: libfuzzermsanjsonnet Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

UBUNTU-CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

UBUNTU-CVE-2019-13307

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows...