Bestshow

Name of the Vulnerable Software and Affected Versions: GraphicsMagick version 1.3.26 Description: An allocation failure issue was found in the `ReadTIFFImage` function, located in `coders/tiff.c`, which can lead to a denial of service when processing a crafted file. The issue arises because the file size is not properly used to restrict `scanline`, `strip`, and `tile` allocations. Recommendations: For GraphicsMagick version 1.3.26, as a temporary workaround, consider restricting the use of the `ReadTIFFImage` function in `coders/tiff.c` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: GraphicsMagick version 1.3.26 Description: An issue was discovered that allows attackers to cause a denial of service via a crafted file. The problem is related to an allocation failure in the `ReadOnePNGImage` function in `coders/png.c`, which attempts a large `png pixels` array allocation. Recommendations: For GraphicsMagick version 1.3.26, as a temporary workaround, consider restricting the use of the `ReadOnePNGImage` function in `coders/png.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: GraphicsMagick version 1.3.26 Description: The issue is related to the ReadOneJNGImage and ReadJNGImage functions in GraphicsMagick, which can be exploited by remote attackers using a crafted file. This can cause a denial of service due to a use-after-free error in magick/blob.c when CloseBlob is called, and may have other unspecified impacts. Recommendations: For GraphicsMagick version 1.3.26, consider avoiding the use of the ReadOneJNGImage and ReadJNGImage functions until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.7-1 Q16 Description: A memory exhaustion issue was found in the `ReadTIFFImage` function in `coders/tiff.c`, which allows remote attackers to cause a denial of service via a crafted file. The vulnerability is related to resource management errors and can be exploited by an attacker to cause a service disruption using a specially formed file. Recommendations: For ImageMagick version 7.0.7-1 Q16, consider disabling the `ReadTIFFImage` function in `coders/tiff.c` as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** A memory leak issue was discovered in the function ReadMATImage in coders/mat.c. **Recommendations** For GraphicsMagick version 1.3.26, consider updating to a newer version to mitigate the risk, however at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** An allocation failure issue was discovered in the ReadMNGImage function, located in coders/png.c, when processing a small MNG file containing a MEND chunk with a large length value. **Recommendations** For GraphicsMagick version 1.3.26, consider avoiding the use of the ReadMNGImage function in coders/png.c until a patch is available. As a temporary workaround, restrict the processing of MNG files with large length values in the MEND chunk to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.9-4 and 7.0.6-4 **Description** A memory leak can occur in ImageMagick when processing a crafted file, specifically in the ReadOnePNGImage function within coders/png.c. **Recommendations** For versions prior to 6.9.9-4, update to version 6.9.9-4 or later. For versions prior to 7.0.6-4, update to version 7.0.6-4 or later.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a memory leak in the `CloneImage` function located in `magick/image.c`. **Recommendations** For GraphicsMagick version 1.3.26, update to a newer version that contains a fix for this memory leak issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6 through 7.0.8 **Description** The issue is related to the load level function in coders/xcf.c, which lacks offset validation. This allows attackers to cause a denial of service via a crafted file, resulting in load tile memory exhaustion. The vulnerability can be exploited by a remote attacker using a specially formed file. **Recommendations** For ImageMagick versions 7.0.6 through 7.0.8, consider updating to a version that includes the fix for the load level function offset validation issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a NULL pointer dereference vulnerability in the `SVGStartElement` function, located in `coders/svg.c`, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the `SVGStartElement` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-3 **Description** A memory leak issue was discovered in the ReadOneMNGImage function in coders/png.c, allowing attackers to cause a denial of service. **Recommendations** For ImageMagick version 7.0.6-3, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-3 **Description** The issue allows attackers to cause a denial of service, specifically a memory leak, by utilizing a crafted file. This is related to the ReadPICTImage function in coders/pict.c. **Recommendations** For ImageMagick version 7.0.6-3, consider updating to a newer version that addresses this issue, as using a crafted file can lead to a denial of service due to a memory leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-2 **Description** A memory leak issue was discovered in the ReadMATImage function in coders/mat.c, allowing attackers to cause a denial of service. **Recommendations** For ImageMagick version 7.0.6-2, as a temporary workaround, consider disabling the ReadMATImage function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6-1 **Description** The issue is related to a use-after-free vulnerability in the ReadWMFImage function in coders/wmf.c. This vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For ImageMagick version 7.0.6-1, consider disabling the ReadWMFImage function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** A memory exhaustion issue was found in the `ReadPCXImage` function in `coders/pcx.c`, allowing attackers to cause a denial of service. This issue can be exploited by a remote attacker to disrupt service. **Recommendations** For ImageMagick version 7.0.6-1, consider disabling the `ReadPCXImage` function in `coders/pcx.c` as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6-5 **Description** The issue is related to a lack of input validation in the ReadPSDLayersInternal function of the coders/psd.c component. This allows a remote attacker to cause a denial of service by providing a specially crafted file, leading to memory exhaustion in the ReadPSDImage function. **Recommendations** For ImageMagick version 7.0.6-5, consider restricting the use of the ReadPSDLayersInternal function until a patch is available. As a temporary workaround, avoid using the coders/psd.c component with untrusted input files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QPDF version 6.0.0 **Description** A stack-consumption issue was found in libqpdf, related to the `PointerHolder` function in `PointerHolder.hh`, which can cause a denial of service via a crafted file. This issue is associated with an infinite loop, allowing a remote attacker to exploit it and cause a service disruption. **Recommendations** For QPDF version 6.0.0, consider disabling the `PointerHolder` function as a temporary workaround until a patch is available. Restrict access to crafted files that could exploit this issue to minimize the risk of service disruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QPDF version 6.0.0 **Description** A stack-consumption issue was found in libqpdf, related to the `QPDF::resolveObjectsInStream` function, which can cause a denial of service via a crafted file, resulting in an infinite loop. This issue may allow a remote attacker to cause a denial of service. **Recommendations** For QPDF version 6.0.0, consider disabling the `QPDF::resolveObjectsInStream` function until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-2 **Description** A CPU exhaustion issue was found in the `ReadPDBImage` function in `coders/pdb.c`, allowing attackers to cause a denial of service. This can be exploited by a remote attacker to disrupt service. **Recommendations** For ImageMagick version 7.0.6-2, consider disabling the `ReadPDBImage` function in `coders/pdb.c` as a temporary workaround to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-2 **Description** A memory exhaustion issue was found in the `ReadPSDImage` function in `coders/psd.c`, which can be exploited by remote attackers to cause a denial of service. The vulnerability is related to resource management errors and can lead to a denial of service when exploited. **Recommendations** For ImageMagick version 7.0.6-2, consider disabling the `ReadPSDImage` function in `coders/psd.c` as a temporary workaround to minimize the risk of exploitation. Restrict access to the `coders/psd.c` module to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.