Daniel Kobras

**Name of the Vulnerable Software and Affected Versions** Imagemagick versions 6.0 before 6.0.6.2 Imagemagick versions 6.2 before 6.2.4.5 **Description** The issue concerns multiple buffer overflows in Imagemagick, which can be triggered via crafted SGI images. The impact and attack vectors of this issue are user-assisted. **Recommendations** For Imagemagick versions 6.0 before 6.0.6.2, update to version 6.0.6.2 or later. For Imagemagick versions 6.2 before 6.2.4.5, update to version 6.2.4.5 or later.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.2.3 and other versions GraphicsMagick (affected versions not specified) Description: The issue is related to a format string vulnerability in the SetImageInfo function, which can be exploited by user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code. This can be achieved via a numeric format string specifier, such as `%d`, in the file name. Recommendations: For ImageMagick version 6.2.3, consider updating to a newer version that addresses this issue. For other affected ImageMagick versions, update to a version that includes the fix for this problem. For GraphicsMagick, at the moment, there is no information about a newer version that contains a fix for this vulnerability.