Stewie

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.3-10 ImageMagick versions 7.x prior to 7.0.1-1 **Description** The issue exists due to insufficient input validation in the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders of the ImageMagick console graphics editor. This allows a remote attacker to execute arbitrary code using metacharacters in a specially crafted image. **Recommendations** For ImageMagick versions prior to 6.9.3-10, update to version 6.9.3-10 or later. For ImageMagick versions 7.x prior to 7.0.1-1, update to version 7.0.1-1 or later. As a temporary workaround, consider disabling the vulnerable coders until a patch is available. Restrict access to the `EPHEMERAL`, `HTTPS`, `MVG`, `MSL`, `TEXT`, `SHOW`, `WIN`, and `PLT` coders to minimize the risk of exploitation. Avoid using shell metacharacters in crafted images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.3-10 ImageMagick versions 7.x prior to 7.0.1-1 **Description** The issue allows remote attackers to read arbitrary files via a crafted image. **Recommendations** For versions prior to 6.9.3-10, update to version 6.9.3-10 or later. For versions 7.x prior to 7.0.1-1, update to version 7.0.1-1 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 **Description** The issue is related to a directory traversal vulnerability in the PharData class of PHP. This vulnerability can be exploited by a remote attacker to modify arbitrary files by adding ".." symbols to the path name of a ZIP archive during an extractTo call. **Recommendations** For PHP versions prior to 5.4.44, update to version 5.4.44 or later. For PHP versions 5.5.x prior to 5.5.28, update to version 5.5.28 or later. For PHP versions 5.6.x prior to 5.6.12, update to version 5.6.12 or later.