Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2017-02-06 CVE-2016-9532 Out-of-bounds Read vulnerability in multiple products
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
local
low complexity
libtiff debian CWE-125
5.5
2017-02-06 CVE-2016-7800 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
network
low complexity
graphicsmagick opensuse debian CWE-191
7.5
2017-02-06 CVE-2016-7449 Out-of-bounds Read vulnerability in multiple products
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
network
low complexity
graphicsmagick debian opensuse CWE-125
7.5
2017-02-06 CVE-2016-7448 Resource Management Errors vulnerability in multiple products
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
network
low complexity
graphicsmagick debian opensuse CWE-399
7.5
2017-02-06 CVE-2016-7447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
graphicsmagick debian opensuse CWE-119
critical
9.8
2017-02-06 CVE-2016-7446 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
graphicsmagick debian opensuse CWE-119
critical
9.8
2017-02-03 CVE-2016-10165 Out-of-bounds Read vulnerability in multiple products
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
7.1
2017-02-03 CVE-2016-5241 Numeric Errors vulnerability in multiple products
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
local
low complexity
graphicsmagick debian opensuse CWE-189
5.5
2017-02-03 CVE-2016-4571 Resource Exhaustion vulnerability in multiple products
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
local
low complexity
mini-xml-project debian CWE-400
5.5
2017-02-03 CVE-2016-4570 Resource Exhaustion vulnerability in multiple products
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
local
low complexity
mini-xml-project debian CWE-400
5.5