CVE | Description | References |
CVE-2017-17504 | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17504 https://github.com/ImageMagick/ImageMagick/issues/872 https://www.debian.org/security/2017/dsa-4074 |
CVE-2017-17680 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | https://github.com/ImageMagick/ImageMagick/issues/873 http://www.securityfocus.com/bid/102203 |
CVE-2017-17681 | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | https://github.com/ImageMagick/ImageMagick/issues/869 http://www.securityfocus.com/bid/102206 |
CVE-2017-17682 | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | https://github.com/ImageMagick/ImageMagick/issues/870 http://www.securityfocus.com/bid/102202 |
CVE-2017-17782 | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c https://sourceforge.net/p/graphicsmagick/bugs/530/ |
CVE-2017-17783 | In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a https://sourceforge.net/p/graphicsmagick/bugs/529/ |
CVE-2017-17879 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | https://github.com/ImageMagick/ImageMagick/issues/906 https://www.debian.org/security/2017/dsa-4074 http://www.securityfocus.com/bid/102305 |
CVE-2017-17880 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | https://github.com/ImageMagick/ImageMagick/issues/907 http://www.securityfocus.com/bid/102317 |
CVE-2017-17881 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. | https://github.com/ImageMagick/ImageMagick/issues/878 |
CVE-2017-17882 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. | https://github.com/ImageMagick/ImageMagick/issues/880 |
CVE-2017-17883 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. | https://github.com/ImageMagick/ImageMagick/issues/877 |
CVE-2017-17884 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. | https://github.com/ImageMagick/ImageMagick/issues/902 |
CVE-2017-17885 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. | https://github.com/ImageMagick/ImageMagick/issues/879 |
CVE-2017-17886 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. | https://github.com/ImageMagick/ImageMagick/issues/874 |
CVE-2017-17887 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. | https://github.com/ImageMagick/ImageMagick/issues/903 |
CVE-2017-17912 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f https://sourceforge.net/p/graphicsmagick/bugs/533/ |
CVE-2017-17913 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. | http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f https://sourceforge.net/p/graphicsmagick/bugs/536/ |
CVE-2017-17914 | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. | https://github.com/ImageMagick/ImageMagick/issues/908 |
CVE-2017-17915 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a https://sourceforge.net/p/graphicsmagick/bugs/535/ |
CVE-2017-1000476 | In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | https://github.com/ImageMagick/ImageMagick/issues/867 |
CVE-2017-0406 | A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. | https://source.android.com/security/bulletin/2017-02-01.html http://www.securityfocus.com/bid/96046 http://www.securitytracker.com/id/1037798 |