Allan Zhou

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.4 snapshot-20171217 Q8 **Description** The issue is related to a heap-based buffer over-read in the ReadNewsProfile function, located in coders/tiff.c. This occurs because LocaleNCompare reads data from the heap beyond the allocated region. **Recommendations** For GraphicsMagick version 1.4 snapshot-20171217 Q8, consider applying a patch or fix that addresses the heap-based buffer over-read issue in the ReadNewsProfile function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.4 snapshot-20171217 Q8 **Description** The issue is related to a stack-based buffer over-read in the `WriteWEBPImage` function in `coders/webp.c`, which is caused by an incompatibility with libwebp versions 0.5.0 and later that use a different structure type. This could potentially allow a remote attacker to execute arbitrary code due to a buffer overflow error. **Recommendations** For GraphicsMagick version 1.4 snapshot-20171217 Q8, consider disabling the `WriteWEBPImage` function in `coders/webp.c` as a temporary workaround until a patch is available. Restrict access to the `webp.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.4 snapshot-20171217 Q8 **Description** The issue is related to a heap-based buffer over-read in the `ReadMNGImage` function, located in `coders/png.c`. This error can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For GraphicsMagick version 1.4 snapshot-20171217 Q8, consider disabling the `ReadMNGImage` function in `coders/png.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.27a **Description** The issue is related to a heap-based buffer over-read in the `ReadOneJNGImage` function in `coders/png.c`, specifically concerning the oFFs chunk allocation. This can potentially allow a remote attacker to execute arbitrary code due to a buffer overflow error. **Recommendations** For GraphicsMagick version 1.3.27a, consider disabling the `ReadOneJNGImage` function in `coders/png.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.27a **Description** The issue is related to a buffer over-read error in the ReadPALMImage function, located in coders/palm.c, when QuantumDepth is set to 8. This error can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For GraphicsMagick version 1.3.27a, consider disabling the ReadPALMImage function in coders/palm.c until a patch is available to prevent potential exploitation. Restrict access to the `ReadPALMImage` function to minimize the risk of exploitation when QuantumDepth is 8. At the moment, there is no information about a newer version that contains a fix for this vulnerability.