VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution. A flaw was found in ImageMagick. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service. A flaw was found in ImageMagick. A remote attacker could provide a specially crafted image, causing the software to allocate more memory than permitted by its configuration. This can lead to a denial of service (DoS), making the system or application unavailable to legitimate users. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-770. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes. A flaw was found in ImageMagick. This vulnerability allows a remote attacker to cause the application to crash. The issue stems from improper handling of XMP (Extensible Metadata Platform) profiles within image files. By crafting a malicious image with specially designed XMP data, an attacker can trigger a heap use-after-free condition, leading to a denial of service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service. A flaw was found in ImageMagick. This heap buffer overflow vulnerability, identified as CWE-122 (Heap-based Buffer Overflow), occurs in the magnify operation when processing an unrecognized `magnify:method` value. An attacker could exploit this by providing a specially crafted input, leading to an out-of-bounds read. This could potentially expose sensitive information or cause a denial of service (DoS) to the system. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). Weakness: CWE-125. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service. A flaw was found in ImageMagick. This vulnerability involves a memory leak within the VIFF encoder, a component responsible for handling image files. This action can exhaust available system memory, leading to a denial of service (DoS) where the system becomes unresponsive. Red Hat severity: Low — CVSS 2.9 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Weakness: CWE-772. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process. A flaw was found in ImageMagick. This could lead to unauthorized file creation or modification, potentially impacting system integrity. Red Hat severity: Low — CVSS 3.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). Weakness: CWE-22. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.