Butterflyhack

**Nome do software vulnerável e versões afetadas** Anchor CMS versão 0.12.7 **Descrição** A vulnerabilidade permite que invasores realizem um ataque de falsificação de solicitação entre sites (CSRF) por meio do componente anchor/routes/posts.php, possibilitando a exclusão arbitrária de publicações. **Recomendações** Para a versão 0.12.7 do Anchor CMS, considere desativar o acesso ao componente `anchor/routes/posts.php` até que uma correção esteja disponível para impedir a exclusão arbitrária de publicações.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-35 **Description** The issue is related to a memory leak in the coders/dps.c file, which can be demonstrated through the `XCreateImage` function. **Recommendations** For ImageMagick version 7.0.8-35, consider restricting access to the `coders/dps.c` file or the `XCreateImage` function as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-35 **Description** The issue is related to a memory leak in the coders/dot.c file of ImageMagick, as demonstrated by the AcquireMagickMemory function in MagickCore/memory.c. **Recommendations** For ImageMagick version 7.0.8-35, consider updating to a newer version that addresses the memory leak issue in the coders/dot.c file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-40 **Description** The issue is related to a memory leak in the Huffman2DEncodeImage function, located in the coders/ps2.c file. **Recommendations** For ImageMagick version 7.0.8-40, consider updating to a newer version that addresses the memory leak issue in the Huffman2DEncodeImage function.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-35 **Description** The issue is related to a memory leak in the magick/xwindow.c file of ImageMagick, specifically concerning the XCreateImage function. **Recommendations** For ImageMagick version 7.0.8-35, consider updating to a newer version that addresses the memory leak issue in the magick/xwindow.c file.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-43 **Description** The issue is related to a memory leak in the coders/dot.c file of ImageMagick, which can be demonstrated by the PingImage function in MagickCore/constitute.c. **Recommendations** For ImageMagick version 7.0.8-43, consider updating to a newer version that addresses the memory leak issue, as no specific fix is provided for this version.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-43 **Description** The issue is related to a memory leak in the `Huffman2DEncodeImage` function, located in the `coders/ps3.c` file, as demonstrated by the `WritePS3Image` function. This memory leak can potentially lead to issues with system performance and stability. **Recommendations** For ImageMagick version 7.0.8-43, consider applying a patch or fix to address the memory leak in the `Huffman2DEncodeImage` function. As a temporary workaround, consider restricting the use of the `WritePS3Image` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hunspell version 1.7.0 **Description** The issue is related to an invalid read operation in the `SuggestMgr::leftcommonsubstring` function of the `suggestmgr.cxx` component. This is a buffer overflow vulnerability that can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Hunspell version 1.7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.