Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-30 | CVE-2017-13777 | Excessive Iteration vulnerability in multiple products GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 6.5 |
| 2017-08-30 | CVE-2017-13776 | Excessive Iteration vulnerability in multiple products GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 6.5 |
| 2017-08-30 | CVE-2017-13775 | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | 6.5 |
| 2017-08-30 | CVE-2017-13769 | Out-of-bounds Read vulnerability in multiple products The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | 6.5 |
| 2017-08-30 | CVE-2017-13768 | NULL Pointer Dereference vulnerability in multiple products Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | 6.5 |
| 2017-08-30 | CVE-2016-10507 | Integer Overflow or Wraparound vulnerability in Uclouvain Openjpeg Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. | 6.5 |
| 2017-08-30 | CVE-2016-10506 | Divide By Zero vulnerability in Uclouvain Openjpeg Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | 6.5 |
| 2017-08-30 | CVE-2016-10505 | NULL Pointer Dereference vulnerability in Uclouvain Openjpeg NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | 6.5 |
| 2017-08-30 | CVE-2016-10504 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Uclouvain Openjpeg Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | 6.5 |
| 2017-08-30 | CVE-2017-13762 | Cross-site Scripting vulnerability in Onosproject Onos 1.10.0/1.8.0/1.9.0 ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | 6.1 |