Vulnerabilities > Canonical > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-12 | CVE-2017-14343 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | 4.3 |
| 2017-09-12 | CVE-2017-14342 | Resource Exhaustion vulnerability in multiple products ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | 4.3 |
| 2017-09-12 | CVE-2017-14326 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | 4.3 |
| 2017-09-09 | CVE-2017-14228 | NULL Pointer Dereference vulnerability in multiple products In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. | 4.3 |
| 2017-09-07 | CVE-2017-14173 | Infinite Loop vulnerability in multiple products In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. | 4.3 |
| 2017-09-06 | CVE-2017-14166 | Out-of-bounds Read vulnerability in multiple products libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | 4.3 |
| 2017-08-31 | CVE-2017-0902 | Origin Validation Error vulnerability in multiple products RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | 6.8 |
| 2017-08-31 | CVE-2017-0901 | Improper Input Validation vulnerability in multiple products RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | 6.4 |
| 2017-08-31 | CVE-2017-14060 | NULL Pointer Dereference vulnerability in multiple products In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. | 4.3 |
| 2017-08-30 | CVE-2017-13769 | Out-of-bounds Read vulnerability in multiple products The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | 4.3 |