Opensuse Project Leap vulnerabilities

CVE-2014-9842 [HIGH] CWE-400 CVE-2014-9842: Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attac Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

CVE-2014-9850 [HIGH] CWE-399 CVE-2014-9850: Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource co Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).

CVE-2014-9848 [HIGH] CWE-399 CVE-2014-9848: Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption) Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

CVE-2014-9849 [HIGH] CWE-400 CVE-2014-9849: The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).

CVE-2014-9851 [HIGH] CWE-20 CVE-2014-9851: ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).

CVE-2014-9844 [MEDIUM] CWE-125 CVE-2014-9844: The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

CVE-2014-9845 [MEDIUM] CWE-119 CVE-2014-9845: The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial o The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

CVE-2017-5938 [MEDIUM] CWE-79 CVE-2017-5938: Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

CVE-2016-10068 [MEDIUM] CWE-20 CVE-2016-10068: The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of servi The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

CVE-2016-10069 [MEDIUM] CWE-20 CVE-2016-10069: coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (app coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.

CVE-2016-5316 [MEDIUM] CWE-125 CVE-2016-5316: Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier al Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.

CVE-2016-9436 [MEDIUM] CWE-20 CVE-2016-9436: parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.

CVE-2016-9435 [MEDIUM] CWE-20 CVE-2016-9435: The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize val The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.

CVE-2016-5317 [MEDIUM] CWE-119 CVE-2016-5317: Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libti Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.

CVE-2015-5218 [LOW] CWE-119 CVE-2015-5218: Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cau Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.