Bastien Roucariès

**Name of the Vulnerable Software and Affected Versions** BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.46 BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.46-S1 BIND versions 9.20.9-S1 through 9.20.20-S1 **Description** A maliciously crafted DNS zone can cause excessive CPU consumption in a BIND resolver performing DNSSEC validation. Authoritative-only servers are generally not affected, but may be vulnerable if they make recursive queries. **Recommendations** Update BIND to a version beyond 9.16.50. Update BIND to a version beyond 9.18.46. Update BIND to a version beyond 9.20.20. Update BIND to a version beyond 9.21.19. Update BIND to a version beyond 9.16.50-S1. Update BIND to a version beyond 9.18.46-S1. Update BIND to a version beyond 9.20.20-S1.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.8-10 ImageMagick versions 7.x prior to 7.6.0-0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit, via a crafted file. This is due to a problem in the WriteBlob function in MagickCore/blob.c. **Recommendations** For ImageMagick versions prior to 6.9.8-10, update to version 6.9.8-10 or later. For ImageMagick versions 7.x prior to 7.6.0-0, update to version 7.6.0-0 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 6.9.7 **Description** A specially crafted psd file could lead to a NULL pointer dereference, resulting in a denial of service (DoS). **Recommendations** For ImageMagick version 6.9.7, consider updating to a newer version that contains a fix for this issue, as using a specially crafted psd file could lead to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 6.9.7 **Description** A specially crafted xcf file could lead to a NULL pointer dereference in ImageMagick. **Recommendations** For ImageMagick version 6.9.7, consider avoiding the use of xcf files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** The issue is related to a missing malloc check in the coders/ipl.c component of ImageMagick, which can be exploited by remote attackers to have an unspecific impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** The issue is related to multiple memory leaks in the caption and label handling code, allowing remote attackers to cause a denial of service due to memory consumption via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** The issue is caused by an off-by-one error in the coders/wpg.c component of ImageMagick. This error allows remote attackers to have an unspecified impact via vectors related to a string copy. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.