50 matches found
CVE-2021-39212
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded...
PT-2021-7869 · Unknown +4 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.12-22 ImageMagick versions prior to 7.1.0-7 Description: The issue is related to the handling of Postscript files in ImageMagick, where these files could be read and written even when excluded by a module...
CVE-2019-11470
The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service uncontrolled resource consumption by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a...
SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2018:2562-1)
This update for ImageMagick fixes the following issues : Security issue fixed : Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml bsc1105592 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempte...
openSUSE Security Update : ImageMagick (openSUSE-2018-1038)
This update for ImageMagick fixes the following issues : The following security vulnerabilities were fixed : - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858 - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858 - CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:2778-1)
This update for ImageMagick fixes the following issues : The following security vulnerabilities were fixed : CVE-2018-16329: Prevent NULL pointer dereference in the GetMagickProperty function leading to DoS bsc1106858 CVE-2018-16323: ReadXBMImage left data uninitialized when processing an XBM fil...
openSUSE Security Update : ImageMagick (openSUSE-2018-954)
This update for ImageMagick fixes the following issues : Security issue fixed : - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml bsc1105592 This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...
Semrush: Remote Code Execution on www.semrush.com/my_reports on Logo upload
The Logo upload in the report constructor at: https://www.semrush.com/myreports/constructor F340480 is passed through a not properly patched version of ImageMagick. You can use Postscript to get Ghostscript to run which in return allows to trigger arbitrary commands on the server, leading to Remo...
SUSE-SU-2018:2562-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issue fixed: - Disable PS, PS2, PS3, XPS and PDF coders in default policy.xml bsc1105592...
Ghostscript - Multiple Vulnerabilities
Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...
Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities
Overview Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript...
CVE-2018-15607
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote...
DLA-486-1 imagemagick - security update
Bulletin has no description...
Debian DLA-486-1 : imagemagick security update (ImageTragick)
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with contro...
Debian DSA-3580-1 : imagemagick - security update (ImageTragick)
Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered several vulnerabilities in ImageMagick, a program suite for image manipulation. These vulnerabilities, collectively known as ImageTragick, are the consequence of lack of sanitization of untrusted input. An attacker with contro...
Debian: Security Advisory (DSA-3580-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SOL29154575 - ImageMagick vulnerability CVE-2016-3717
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
SOL25102203 - ImageMagick vulnerability CVE-2016-3716
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)
It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...