Monthly Archive: March 2017

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=fcced2ba626109d23186282d326427a0fc85fec0 https://bugzilla.redhat.com/show_bug.cgi?id=1343470

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=35aa01dd5511a2616a6427f7d5d49de0132aeb5f https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=ae8e15370f269a529623b762c1355ab1dbab712e

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=f093a3119704fd6d349a9ee32b9f71cabe7d04c8 https://bugzilla.redhat.com/show_bug.cgi?id=1343468

The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82a5bbdd47b9b3f43ce3c2aa18741aecc4a0f962 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=914da276f717b3e21e5af6614887af14af87a9b8

The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=68db5f601d4120170b91f5397e596c0b8f9d3a8e https://bugzilla.redhat.com/show_bug.cgi?id=1343466

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4 https://bugzilla.redhat.com/show_bug.cgi?id=1343465

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=82f779cbc24045af2eaecb95d0842ca7b97c71f4 https://bugzilla.redhat.com/show_bug.cgi?id=1343464

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=be644895456764f2c2670f297d9d9860ff0bdd75 https://bugzilla.redhat.com/show_bug.cgi?id=1343463

ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. Date published : 2017-03-30 https://bugzilla.redhat.com/show_bug.cgi?id=1343462 http://www.openwall.com/lists/oss-security/2014/12/24/1

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. Date published : 2017-03-30 https://bugzilla.redhat.com/show_bug.cgi?id=1343460 http://www.openwall.com/lists/oss-security/2014/12/24/1

vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object." Date published : 2017-03-30 https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/commit/?h=debian-patches/6.8.9.9-4-for-upstream&id=c504b8e1a1ca6f158f2d08bd33c62ce4865497ee https://bugzilla.redhat.com/show_bug.cgi?id=1343459

There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. Date published : 2017-03-30 http://www.securityfocus.com/bid/97272 https://success.trendmicro.com/solution/1116973

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the...

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate’s IPSengine is configured in flow mode. All FortiGate versions with...