Lucene search
+L

154 matches found

Debian CVE
Debian CVE
added 2020/12/04 12:0 a.m.37 views

CVE-2020-27776

A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability,...

4.3CVSS5.7AI score0.00874EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2020/12/03 5:15 p.m.32 views

CVE-2020-27761

WritePALMImage in /coders/palm.c used sizet casts in several areas of a calculation which could lead to values outside the range of representable type unsigned long undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to ssizet instead to avoid this issue. Re...

4.3CVSS6.8AI score0.01075EPSS
Exploits0References3
OSV
OSV
added 2020/12/03 5:15 p.m.12 views

UBUNTU-CVE-2020-27761

WritePALMImage in /coders/palm.c used sizet casts in several areas of a calculation which could lead to values outside the range of representable type unsigned long undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to ssizet instead to avoid this issue. Re...

3.3CVSS6.7AI score0.01075EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/12/03 12:0 a.m.39 views

CVE-2020-27761

WritePALMImage in /coders/palm.c used sizet casts in several areas of a calculation which could lead to values outside the range of representable type unsigned long undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to ssizet instead to avoid this issue. Re...

5AI score0.01075EPSS
Exploits0References3
CNNVD
CNNVD
added 2020/12/03 12:0 a.m.8 views

ImageMagick Studio ImageMagick 输入验证错误漏洞

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in ImageMagick versions prior to 7.0.9-0, which stems...

4.3CVSS6.8AI score0.01075EPSS
Exploits0References10
Veracode
Veracode
added 2020/11/26 6:14 a.m.37 views

Denial Of Service (DoS)

ImageMagick is vulnerable to denial of service. An attacker is allowed to send an input value which is outside the range of representable values of type 'unsigned long' at MagickCore/statistic.c to trigger an application crash...

3.3CVSS3.3AI score0.01147EPSS
Exploits0References5Affected Software4
RedhatCVE
RedhatCVE
added 2020/11/24 7:54 p.m.34 views

CVE-2020-27758

A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long long. This would most likely lead to an impact to application availability, but...

4.3CVSS3.1AI score0.01124EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2020/11/24 7:23 p.m.23 views

CVE-2020-27757

A floating point math calculation in ScaleAnyToQuantum of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by...

4.3CVSS1.8AI score0.01072EPSS
Exploits1References3
OSV
OSV
added 2020/06/24 1:51 a.m.13 views

OSV-2020-65 Heap-use-after-free in std::__1::vector<unsigned long, std::__1::allocator<unsigned long> >::begin

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21908 Crash type: Heap-use-after-free READ 8 Crash state: std::1::vector ::begin perfetto::traceprocessor::TrackTracker::ResolveDescriptorTrack perfetto::traceprocessor::TrackTracker::GetDescriptorTrackImpl...

7.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/03 12:0 a.m.13 views

PT-2019-5856 · Imagemagick +5 · Imagemagick +5

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.8-68 Description: A floating point math calculation in the ScaleAnyToQuantum function of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigne...

9.1CVSS7.1AI score0.89855EPSS
Exploits65References335
NVD
NVD
added 2018/10/29 12:29 p.m.26 views

CVE-2018-18710

An issue was discovered in the Linux kernel through 4.19. An information leak in cdromioctlselectdisc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and...

5.5CVSS6AI score0.00501EPSS
Exploits0References14
OSV
OSV
added 2017/05/18 1:29 a.m.2 views

DEBIAN-CVE-2017-9043

readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted ELF file...

7.8CVSS7.2AI score0.02129EPSS
Exploits0References1
ossfuzz
ossfuzz
added 2017/02/18 10:59 a.m.19 views

libtsm: Bad-cast to const std::__1::__less<unsigned long, unsigned long> *_start

Project: git://people.freedesktop.org/dvdhrm/libtsm Detailed report: https://oss-fuzz.com/testcase?key=4858886169296896 Project: libtsm Fuzzer: libFuzzerlibtsmfuzzer Fuzz target binary: libtsmfuzzer Job Type: libfuzzerubsanlibtsm Platform Id: linux Crash Type: Bad-cast Crash Address: 0x7ffe13981c...

7AI score
Exploits0Affected Software1
myhack58
myhack58
added 2016/12/16 12:0 a.m.74 views

unsorted bin attack analysis-vulnerability warning-the black bar safety net

One, Foreword This is before that article overflow using the FILE structure of the follow-up article, mentioned earlier is for the Shanghai network security contest pwn450 of technology to write articles, a total of two techniques, one is the overflow using the FILE structure of the body, one is...

1AI score
Exploits0
Rows per page
Query Builder