CVEs from 2017

- Total: 11,796
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.0%
- % with KEV: 0.7%
- % with exploit: 0.8%

Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-14325 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadM… | |
| CVE-2017-14324 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-14314 | medium | 6.5 | 6.5 | 9y ago | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and applicatio… | |
| CVE-2017-7650 | medium | 6.5 | 6.5 | 9y ago | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that… | |
| CVE-2017-14249 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial … | |
| CVE-2017-14248 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | |
| CVE-2017-8040 | medium | 6.5 | 6.5 | 9y ago | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service das… | |
| CVE-2017-14223 | medium | 6.5 | 6.5 | 9y ago | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large … | |
| CVE-2017-14222 | medium | 6.5 | 6.5 | 9y ago | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_c… | |
| CVE-2017-0792 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. | |
| CVE-2017-12071 | medium | 6.5 | 6.5 | 9y ago | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via th… | |
| CVE-2017-11162 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | |
| CVE-2017-6793 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulne… | |
| CVE-2017-6792 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is … | |
| CVE-2017-12225 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixati… | |
| CVE-2017-12224 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even t… | |
| CVE-2017-14175 | medium | 6.5 | 6.5 | 9y ago | In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and co… | |
| CVE-2017-14174 | medium | 6.5 | 6.5 | 9y ago | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large … | |
| CVE-2017-14173 | medium | 6.5 | 6.5 | 9y ago | In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smalle… | |
| CVE-2017-14172 | medium | 6.5 | 6.5 | 9y ago | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" fi… | |
| CVE-2017-14171 | medium | 6.5 | 6.5 | 9y ago | In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a l… | |
| CVE-2017-14170 | medium | 6.5 | 6.5 | 9y ago | In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims… | |
| CVE-2017-14166 | medium | 6.5 | 6.5 | 9y ago | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strin… | |
| CVE-2017-14165 | medium | 6.5 | 6.5 | 9y ago | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote den… | |
| CVE-2017-1130 | medium | 6.5 | 6.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… | |
| CVE-2017-1129 | medium | 6.5 | 6.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… | |
| CVE-2017-14139 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. | |
| CVE-2017-14132 | medium | 6.5 | 6.5 | 9y ago | JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.90… | |
| CVE-2017-14114 | medium | 6.5 | 6.5 | 9y ago | RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers… | |
| CVE-2017-12693 | medium | 6.5 | 6.5 | 9y ago | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | |
| CVE-2017-12692 | medium | 6.5 | 6.5 | 9y ago | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | |
| CVE-2017-12691 | medium | 6.5 | 6.5 | 9y ago | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |
| CVE-2017-14107 | medium | 6.5 | 6.5 | 9y ago | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in … | |
| CVE-2017-14060 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixel… | |
| CVE-2017-14059 | medium | 6.5 | 6.5 | 9y ago | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but… | |
| CVE-2017-14058 | medium | 6.5 | 6.5 | 9y ago | In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite l… | |
| CVE-2017-14057 | medium | 6.5 | 6.5 | 9y ago | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" … | |
| CVE-2017-14056 | medium | 6.5 | 6.5 | 9y ago | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "… | |
| CVE-2017-14055 | medium | 6.5 | 6.5 | 9y ago | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "… | |
| CVE-2017-14054 | medium | 6.5 | 6.5 | 9y ago | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" fiel… | |
| CVE-2017-13670 | medium | 6.5 | 6.5 | 9y ago | In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. | |
| CVE-2017-14042 | medium | 6.5 | 6.5 | 9y ago | A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of … | |
| CVE-2017-9945 | medium | 6.5 | 6.5 | 9y ago | In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local E… | |
| CVE-2017-13777 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts o… | |
| CVE-2017-13776 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts o… | |
| CVE-2017-13775 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the r… | |
| CVE-2017-13769 | medium | 6.5 | 6.5 | 9y ago | The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | |
| CVE-2017-13768 | medium | 6.5 | 6.5 | 9y ago | Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | |
| CVE-2017-13758 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | |
| CVE-2017-13673 | medium | 6.5 | 6.5 | 9y ago | The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot… | |
| CVE-2017-12875 | medium | 6.5 | 6.5 | 9y ago | The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. | |
| CVE-2017-12422 | medium | 6.5 | 6.5 | 9y ago | NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. | |
| CVE-2017-13744 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. | |
| CVE-2017-13743 | medium | 6.5 | 6.5 | 9y ago | There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. | |
| CVE-2017-13742 | medium | 6.5 | 6.5 | 9y ago | There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. | |
| CVE-2017-13741 | medium | 6.5 | 6.5 | 9y ago | There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. | |
| CVE-2017-13737 | medium | 6.5 | 6.5 | 9y ago | There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |
| CVE-2017-13736 | medium | 6.5 | 6.5 | 9y ago | There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |
| CVE-2017-13734 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | |
| CVE-2017-13733 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | |
| CVE-2017-13732 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | |
| CVE-2017-13731 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | |
| CVE-2017-13730 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | |
| CVE-2017-13729 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | |
| CVE-2017-13727 | medium | 6.5 | 6.5 | 9y ago | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of servic… | |
| CVE-2017-13726 | medium | 6.5 | 6.5 | 9y ago | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service atta… | |
| CVE-2017-1110 | medium | 6.5 | 6.5 | 9y ago | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force … | |
| CVE-2017-10834 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | |
| CVE-2017-12954 | medium | 6.5 | 6.5 | 9y ago | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | |
| CVE-2017-12953 | medium | 6.5 | 6.5 | 9y ago | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | |
| CVE-2017-12952 | medium | 6.5 | 6.5 | 9y ago | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |
| CVE-2017-12951 | medium | 6.5 | 6.5 | 9y ago | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft… | |
| CVE-2017-12950 | medium | 6.5 | 6.5 | 9y ago | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | |
| CVE-2017-12925 | medium | 6.5 | 6.5 | 9y ago | Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | |
| CVE-2017-12924 | medium | 6.5 | 6.5 | 9y ago | CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. | |
| CVE-2017-12923 | medium | 6.5 | 6.5 | 9y ago | OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |
| CVE-2017-12922 | medium | 6.5 | 6.5 | 9y ago | wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |
| CVE-2017-12921 | medium | 6.5 | 6.5 | 9y ago | PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |
| CVE-2017-12920 | medium | 6.5 | 6.5 | 9y ago | CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | |
| CVE-2017-12919 | medium | 6.5 | 6.5 | 9y ago | Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | |
| CVE-2017-12877 | medium | 6.5 | 6.5 | 9y ago | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | |
| CVE-2017-12876 | medium | 6.5 | 6.5 | 9y ago | Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | |
| CVE-2017-7693 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | |
| CVE-2017-12074 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name… | |
| CVE-2017-13658 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exi… | |
| CVE-2017-13648 | medium | 6.5 | 6.5 | 9y ago | In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. | |
| CVE-2017-12809 | medium | 6.5 | 6.5 | 9y ago | QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process… | |
| CVE-2017-13145 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | |
| CVE-2017-13144 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. | |
| CVE-2017-13142 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. | |
| CVE-2017-13141 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. | |
| CVE-2017-13140 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a P… | |
| CVE-2017-13134 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted fi… | |
| CVE-2017-13133 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. | |
| CVE-2017-13132 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denia… | |
| CVE-2017-13131 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList … | |
| CVE-2017-12843 | medium | 6.5 | 6.5 | 9y ago | Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | |
| CVE-2017-13066 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. | |
| CVE-2017-13065 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | |
| CVE-2017-13064 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. |