Smilebugs

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-24 Q16 **Description** A heap-based buffer over-read issue exists in the IsWEBPImageLossless function in coders/webp.c. **Recommendations** For ImageMagick version 7.0.7-24 Q16, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-25 Q16 **Description** The issue is related to the `WriteEPTImage` function in the `coders/ept.c` component of ImageMagick, which allows remote attackers to cause a denial of service, potentially leading to an application crash due to a double free error in `MagickCore/memory.c`. It may also have other unspecified impacts via a crafted file. Exploitation of this issue could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. **Recommendations** For ImageMagick version 7.0.7-25 Q16, consider disabling the `WriteEPTImage` function in `coders/ept.c` as a temporary workaround until a patch is available. Restrict access to potentially vulnerable files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libfpx version 1.3.1-10 ImageMagick versions 7.0.7-22 Q16 **Description** The issue allows remote attackers to cause a denial of service, specifically a stack-based buffer under-read, by using a crafted bmp image. This is related to the OLEProperty class in ole/oleprop.cpp. **Recommendations** For libfpx version 1.3.1-10, update to a version that fixes the issue in the OLEProperty class. For ImageMagick versions 7.0.7-22 Q16, consider restricting the processing of crafted bmp images until a patch is available.