Ibrahim El-Sayed

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library versions prior to 2.2.4 **Description** The issue is related to a double free vulnerability in the `gdImageWebPtr` function of the GD Graphics Library. This vulnerability can be exploited by a remote attacker using large width and height values, potentially allowing for unspecified impact. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of large width and height values in the `gdImageWebPtr` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library (aka libgd) versions prior to 2.2.4 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer in the `read image tga` function. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `read image tga` function in gd tga.c until a patch is available. Avoid using the decompression buffer with untrusted TGA files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Little CMS (aka lcms2) (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. This is due to the `Type MLU Read` function in `cmstypes.c`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library versions prior to 2.2.4 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. This is related to the dynamicGetbuf function. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the processing of TIFF images until the update is applied.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.5-4 ImageMagick versions 7.x prior to 7.0.2-6 **Description** The issue is related to a buffer overflow in the Get8BIMProperty function, which can be exploited by remote attackers using a crafted image. This can lead to a denial of service, resulting in an out-of-bounds read, memory leak, and crash. **Recommendations** For ImageMagick versions prior to 6.9.5-4, update to version 6.9.5-4 or later. For ImageMagick versions 7.x prior to 7.0.2-6, update to version 7.0.2-6 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.2-1 **Description** The issue is related to an integer overflow in the MagickCore/profile.c component of ImageMagick. This can be exploited by remote attackers to cause a denial of service, resulting in a segmentation fault, or potentially execute arbitrary code. The exploitation involves vectors related to the `offset` variable. **Recommendations** For versions prior to 7.0.2-1, update to version 7.0.2-1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** myCare2x (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters to various PHP files. The affected parameters include `name last`, `name first`, `name middle`, and `name maiden` in 'mycare pid.php', `favorites` and `lang` in 'mycare ward print.php', `aktion` and `callurl` in 'mycare2x pat info.php', and `ln` in 'mycare2x proc search.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** myCare2x (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different PHP files, including `aktion` or `callurl` in 'modules/patient/mycare2x pat info.php', `dept nr` or `pid` in 'modules/importer/mycare2x importer.php', `myOpsEintrag` or `keyword` in a 'Suchen' action to 'modules/drg/mycare2x proc search.php', or `name last` or `pid` in 'modules/patient/mycare pid.php'. **Recommendations** For myCare2x, consider restricting access to the vulnerable parameters `aktion`, `callurl`, `dept nr`, `pid`, `myOpsEintrag`, `keyword`, `name last` to minimize the risk of exploitation. As a temporary workaround, consider disabling the SQL execution functionality in the affected PHP files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.