Vulnerabilities > Canonical > Ubuntu Linux > 17.10

DATE CVE VULNERABILITY TITLE RISK
2017-12-14 CVE-2017-17682 Resource Exhaustion vulnerability in multiple products
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.
network
low complexity
imagemagick debian canonical CWE-400
6.5
2017-12-14 CVE-2017-17681 Infinite Loop vulnerability in multiple products
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.
network
low complexity
imagemagick canonical CWE-835
6.5
2017-12-14 CVE-2017-17680 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.
network
low complexity
imagemagick canonical CWE-772
6.5
2017-12-11 CVE-2017-1000407 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
7.4
2017-12-11 CVE-2017-17504 Out-of-bounds Read vulnerability in multiple products
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
network
low complexity
imagemagick canonical debian CWE-125
6.5
2017-12-11 CVE-2017-17499 Use After Free vulnerability in multiple products
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
network
low complexity
imagemagick canonical debian CWE-416
critical
9.8
2017-12-01 CVE-2017-16612 Integer Overflow or Wraparound vulnerability in multiple products
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.
network
low complexity
debian canonical x CWE-190
7.5
2017-12-01 CVE-2017-16611 Link Following vulnerability in multiple products
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
local
low complexity
debian canonical x CWE-59
5.5
2017-11-27 CVE-2017-15275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
network
low complexity
samba redhat debian canonical CWE-119
7.5
2017-11-27 CVE-2017-14746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
network
low complexity
samba redhat debian canonical CWE-416
critical
9.8