Kirit1193

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue is related to a Null Pointer Dereference in the `Exiv2::DataValue::toLong` function in `value.cpp`, which can be triggered by crafted metadata in a TIFF file. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For Exiv2 version 0.26, consider applying a patch or fix that addresses the Null Pointer Dereference in the `Exiv2::DataValue::toLong` function to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.3 **Description** The issue is related to a heap-based buffer over-read, which may allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 4.9.3, update to version 4.9.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.7 through 7.0.9 **Description** The issue is related to the `ReadWPGImage` function in `coders/wpg.c`, which does not properly validate the colormap index in a WPG palette. This can be exploited by remote attackers using a malformed WPG file, potentially causing a denial of service due to the use of uninitialized data or invalid memory allocation. **Recommendations** For ImageMagick versions 7.0.7 through 7.0.9, consider disabling the `ReadWPGImage` function until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-6 **Description** The issue is related to the `ReadPSDImage` function in the `coders/psd.c` component of ImageMagick, which can cause a denial of service or possibly have other impacts via a crafted file. This is due to a conditional jump or move that depends on uninitialized value(s), potentially allowing a remote attacker to access confidential data, compromise its integrity, or cause a service disruption by exploiting the buffer data boundary. **Recommendations** For ImageMagick version 7.0.7-6, consider disabling the `ReadPSDImage` function in the `coders/psd.c` component as a temporary workaround until a patch is available. Restrict access to the `coders/psd.c` component to minimize the risk of exploitation. Avoid using the `ReadPSDImage` function with untrusted files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6 through 7.0.10 **Description** A NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c. This could allow an attacker to cause a Denial of Service by submitting a malformed image file, potentially affecting the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file. **Recommendations** For ImageMagick versions 7.0.6 through 7.0.10, consider updating to a version where this issue is fixed, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-1 **Description** The issue is related to the DrawGetStrokeDashArray function in the wand/drawing-wand.c component of the ImageMagick console graphic editor. It is associated with a null pointer dereference. Exploitation of this issue allows a remote attacker to cause a denial of service by providing a specially crafted image file. This can lead to an application crash in AcquireQuantumMemory within MagickCore/memory.c. **Recommendations** For ImageMagick version 7.0.7-1, consider disabling the DrawGetStrokeDashArray function as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the affected ImageMagick version to process untrusted image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6-10 **Description** The issue allows an attacker to cause a denial of service by sending a crafted JPEG file, exploiting the WriteTHUMBNAILImage function in coders/thumbnail.c. **Recommendations** For ImageMagick versions 7.0.6-10, consider disabling the WriteTHUMBNAILImage function until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6-10 **Description** The issue is related to a Null Pointer Dereference in the `IdentifyImage` function in `MagickCore/identify.c`. This allows an attacker to perform a denial of service by sending a crafted image file. The vulnerability can be exploited by a remote attacker to cause a service disruption using a specially crafted image file. **Recommendations** For ImageMagick versions 7.0.6-10, as a temporary workaround, consider disabling the `IdentifyImage` function until a patch is available. Restrict access to the `MagickCore/identify.c` component to minimize the risk of exploitation. Avoid using the affected `IdentifyImage` function in the `MagickCore/identify.c` file until the issue is resolved.