Suhwansong

**Nome do software vulnerável e versões afetadas** Libsixel versão 1.8.2 **Descrição** O problema está relacionado a um estouro de buffer baseado em heap na função `dither func fs` no arquivo `tosixel.c`. Isso pode ser explorado por um invasor remoto para acessar dados confidenciais, comprometer a integridade dos dados e causar uma negação de serviço. **Recomendações** Para a versão 1.8.2 do Libsixel, considere desativar a função `dither func fs` como uma solução temporária até que um patch esteja disponível. Restrinja o acesso ao componente `tosixel.c` para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.4 **Description** A heap-based buffer overflow issue was found in the `gif out code` function at `fromgif.c`. **Recommendations** For libsixel version 1.8.4, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Libsixel version 1.8.4 **Description** A heap-based buffer overflow in the `sixel encoder output without macro` function in `encoder.c` of Libsixel allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format. **Recommendations** For Libsixel version 1.8.4, consider disabling the `sixel encoder output without macro` function until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libsixel version 1.8.3 **Description** The issue is related to a heap-based buffer overflow in the `sixel encode highcolor` function in `tosixel.c`. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Libsixel version 1.8.3, consider disabling the `sixel encode highcolor` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image.h (aka the stb image loader) version 2.23 **Description** The issue is a heap-based buffer over-read in the `stbi load main` function. This problem affects products that use the stb image loader, including libsixel. **Recommendations** For version 2.23, consider updating to a newer version that contains a fix for this issue, as using an outdated version poses a risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.2 **Description** A heap-based buffer over-read issue was discovered in the `load sixel` function at `loader.c`. **Recommendations** For libsixel version 1.8.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-54 Q16 **Description** The issue is related to a division by zero error in the RemoveDuplicateLayers function within the MagickCore/layer.c component of the ImageMagick console graphic editor. This error can be exploited by a remote attacker to cause a denial of service. **Recommendations** For ImageMagick version 7.0.8-54 Q16, consider disabling the RemoveDuplicateLayers function in MagickCore/layer.c as a temporary workaround until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is related to a heap-based buffer over-read in the AdaptiveThresholdImage function, located in MagickCore/threshold.c. This occurs due to improper handling of a zero-width value. Exploitation of this issue could allow a remote attacker to cause a denial of service or disclose sensitive information by using a specially crafted image. **Recommendations** For ImageMagick version 7.0.8-50, consider disabling the AdaptiveThresholdImage function as a temporary workaround until a patch is available. Restrict access to the threshold.c module in MagickCore to minimize the risk of exploitation. Avoid using the AdaptiveThresholdImage function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-50 Q16 **Description** The issue is related to a heap-based buffer overflow in the ComplexImage function, located in MagickCore/fourier.c. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service by exploiting the buffer overflow. **Recommendations** For ImageMagick version 7.0.8-50 Q16, consider disabling the ComplexImage function in MagickCore/fourier.c as a temporary workaround until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is related to a heap-based buffer overflow in the EvaluateImages function of the ImageMagick console graphic editor. This overflow occurs due to mishandling of rows in the MagickCore/statistic.c file. Exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For ImageMagick version 7.0.8-50, consider disabling the EvaluateImages function as a temporary workaround until a patch is available. Restrict access to the affected MagickCore/statistic.c file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-50 Q16 **Description** The issue is related to a stack-based buffer overflow in the WritePNMImage function at coders/pnm.c, caused by off-by-one errors. This can be exploited by a remote attacker using a specially crafted image, potentially leading to denial of service or execution of arbitrary code. **Recommendations** For ImageMagick version 7.0.8-50 Q16, as a temporary workaround, consider disabling the WritePNMImage function until a patch is available. Restrict access to the coders/pnm.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is related to a buffer overflow in the WritePNMImage function in the coders/pnm.c file of the ImageMagick console graphic editor. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** For ImageMagick version 7.0.8-50, consider disabling the WritePNMImage function in coders/pnm.c as a temporary workaround until a patch is available. Restrict the use of the ImageMagick console graphic editor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-50 Q16 **Description** The issue is related to a heap-based buffer over-read in the AdaptiveThresholdImage function at MagickCore/threshold.c. This occurs because a height of zero is mishandled. Exploitation of this issue may allow a remote attacker to cause a denial of service or disclose sensitive information using a specially crafted image. **Recommendations** For ImageMagick version 7.0.8-50 Q16, as a temporary workaround, consider disabling the AdaptiveThresholdImage function until a patch is available. Restrict access to the threshold.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is related to a heap-based buffer overflow in the EvaluateImages function of the MagickCore/statistic.c module. This can be exploited by a remote attacker using a specially crafted image, potentially leading to denial of service or execution of arbitrary code. **Recommendations** For ImageMagick version 7.0.8-50, consider disabling the EvaluateImages function in the MagickCore/statistic.c module as a temporary workaround until a patch is available. Restrict the use of the ImageMagick software to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 Q16 **Description** The issue is related to a stack-based buffer overflow in the WritePNMImage function, located in coders/pnm.c, due to a misplaced strncpy and an off-by-one error. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** For ImageMagick version 7.0.8-50 Q16, consider disabling the WritePNMImage function in coders/pnm.c as a temporary workaround until a patch is available. Restrict the use of the `strncpy` function to minimize the risk of exploitation. Avoid using the off-by-one error prone code in the WritePNMImage function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is related to a heap-based buffer over-read in the GetPixelChannel function, located in MagickCore/pixel-accessor.h. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or disclosure of protected information. **Recommendations** For ImageMagick version 7.0.8-50, consider disabling the GetPixelChannel function as a temporary workaround until a patch is available. Restrict access to the pixel-accessor.h module to minimize the risk of exploitation. Avoid using the GetPixelChannel function in the affected ImageMagick version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-50 Q16 **Description** The issue is related to a heap-based buffer overflow in the SetPixelViaPixelInfo function due to an error in MagickCore/enhance.c. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or the execution of arbitrary code. The vulnerability is associated with a buffer overflow in dynamic memory. **Recommendations** For ImageMagick version 7.0.8-50 Q16, consider disabling the SetPixelViaPixelInfo function as a temporary workaround until a patch is available. Restrict access to the pixel-accessor.h module to minimize the risk of exploitation. Avoid using the affected function with untrusted image inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is caused by resource management errors in the CLIListOperatorImages() function of the ImageMagick console graphic editor. This can be exploited by a remote attacker to cause a denial of service. The error occurs due to direct memory leaks in AcquireMagickMemory when handling a NULL value in the CLIListOperatorImages function in MagickWand/operation.c. **Recommendations** For ImageMagick version 7.0.8-50, consider restricting access to the `CLIListOperatorImages()` function until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-50 **Description** The issue is related to a buffer over-read in the CompositeImage function of the MagickCore/composite.c module. This can be exploited by a remote attacker using a specially crafted image, potentially leading to denial of service or execution of arbitrary code. **Recommendations** For ImageMagick version 7.0.8-50, consider disabling the CompositeImage function in the MagickCore/composite.c module as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-50 Q16 **Description** The issue is related to a heap-based buffer over-read in the ComplexImages function, located in MagickCore/fourier.c. This can be exploited by a remote attacker using a specially crafted image, potentially leading to a denial of service or the disclosure of protected information. **Recommendations** For ImageMagick version 7.0.8-50 Q16, consider restricting the use of the ComplexImages function in MagickCore/fourier.c until a patch is available. As a temporary workaround, avoid using the ComplexImages function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.