Vulnerabilities > Canonical > Ubuntu Linux > 16.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17885 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. | 6.5 |
| 2017-12-27 | CVE-2017-17884 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. | 6.5 |
| 2017-12-27 | CVE-2017-17882 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. | 6.5 |
| 2017-12-27 | CVE-2017-17881 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. | 6.5 |
| 2017-12-27 | CVE-2017-17879 | Out-of-bounds Read vulnerability in multiple products In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | 8.8 |
| 2017-12-27 | CVE-2017-16995 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension. | 7.8 |
| 2017-12-20 | CVE-2017-17806 | Out-of-bounds Write vulnerability in multiple products The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | 7.8 |
| 2017-12-20 | CVE-2017-17805 | Improper Input Validation vulnerability in multiple products The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. | 7.8 |
| 2017-12-14 | CVE-2017-17682 | Resource Exhaustion vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | 6.5 |
| 2017-12-14 | CVE-2017-17681 | Infinite Loop vulnerability in multiple products In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | 6.5 |