Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-07 CVE-2017-14173 Infinite Loop vulnerability in multiple products
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected.
network
low complexity
imagemagick debian canonical CWE-835
6.5
2017-09-07 CVE-2017-14172 Excessive Iteration vulnerability in multiple products
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption.
network
low complexity
imagemagick debian canonical CWE-834
6.5
2017-09-06 CVE-2017-14166 Out-of-bounds Read vulnerability in multiple products
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
network
low complexity
libarchive debian canonical CWE-125
6.5
2017-09-01 CVE-2017-12693 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
network
low complexity
imagemagick canonical CWE-770
6.5
2017-09-01 CVE-2017-12692 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
network
low complexity
imagemagick canonical CWE-770
6.5
2017-09-01 CVE-2017-12691 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
network
low complexity
imagemagick canonical CWE-770
6.5
2017-08-31 CVE-2017-14060 NULL Pointer Dereference vulnerability in multiple products
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
network
low complexity
imagemagick canonical CWE-476
6.5
2017-08-30 CVE-2017-13769 Out-of-bounds Read vulnerability in multiple products
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
network
low complexity
imagemagick canonical debian CWE-125
6.5
2017-08-30 CVE-2017-13768 NULL Pointer Dereference vulnerability in multiple products
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
network
low complexity
imagemagick debian canonical CWE-476
6.5
2017-08-28 CVE-2017-12877 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick debian canonical CWE-416
6.5