Laszlo Boszormenyi

Nome do Software Vulnerável e Versões Afetadas: Versões do GraphicsMagick anteriores a 8e56520 Descrição: O problema está relacionado a uma leitura excessiva de buffer baseada em heap na função ReadJXLImage em coders/jxl.c, vinculada a uma chamada ImportViewPixelArea. Recomendações: Para versões anteriores a 8e56520, atualize para uma versão que inclua a correção para o problema de leitura excessiva de buffer baseada em heap.

**Name of the Vulnerable Software and Affected Versions** GNU patch versions 2.7.2 and earlier **Description** The issue is related to errors in resource management, specifically memory consumption, which can lead to a denial of service. This can be triggered by a remote attacker using a crafted diff file, resulting in a segmentation fault. The estimated number of potentially affected devices is not specified. **Recommendations** For GNU patch versions 2.7.2 and earlier, update to a version later than 2.7.2 to resolve the issue. As a temporary workaround, consider restricting the use of crafted diff files to minimize the risk of exploitation.