Security Vulnerabilities - CVEs Published In July 2017
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2017-07-26
GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-07-26
GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2017-07-26
GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-07-26
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2017-07-26
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-26
Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2017-07-26
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2017-07-25
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2017-07-25
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2017-07-25

