FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  514534
Date:      2019-10-15
Time:      14:43:01Z
Committer: kai

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
183d700e-ec70-487e-a9c4-632324afa934ImageMagick -- multiple vulnerabilities

cvedetails.com reports:

CVE-2019-7175: In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c.

CVE-2019-7395: In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c.

CVE-2019-7396: In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.

CVE-2019-7397: In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c.

CVE-2019-7398: In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c.

CVE-2019-9956: In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.

CVE-2019-10131: An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.

CVE-2019-10649: In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.

CVE-2019-10650: In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file.

CVE-2019-10714: LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 allows out-of-bounds access, leading to a SIGSEGV.

CVE-2019-11470: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file.

CVE-2019-11472: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.

CVE-2019-11597: In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file.

CVE-2019-11598: In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c.


Discovery 2019-03-07
Entry 2019-05-30
Modified 2019-06-17
ImageMagick7
lt 7.0.8.47

ImageMagick7-nox11
lt 7.0.8.47

ImageMagick6
lt 6.9.10.47,1

ImageMagick6-nox11
lt 6.9.10.47,1

https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
CVE-2019-7175
CVE-2019-7395
CVE-2019-7396
CVE-2019-7397
CVE-2019-7398
CVE-2019-9956
CVE-2019-10131
CVE-2019-10649
CVE-2019-10650
CVE-2019-10714
CVE-2019-11470
CVE-2019-11472
CVE-2019-11597
CVE-2019-11598
16fb4f83-a2ab-11e7-9c14-009c02a2ab30ImageMagick -- denial of service via a crafted font file

MITRE reports:

The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.


Discovery 2017-09-21
Entry 2017-09-26
ImageMagick7
lt 7.0.7.4

ImageMagick7-nox11
lt 7.0.7.4

ImageMagick
le 6.9.8.9_1

ImageMagick-nox11
le 6.9.8.9_1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741
https://github.com/ImageMagick/ImageMagick/issues/771
https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14741