Thomas Jarosch

**Name of the Vulnerable Software and Affected Versions** Horde Image versions 2.0.0 through 2.5.1 **Description** A Remote Code Execution issue has been found in the Horde Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. This issue is not exploitable through any Horde application, as the vulnerable code path is not used by any Horde code. However, custom applications using the Horde Image library might be affected. The problem stems from missing input validation of the `index` field in ` raw()` during the construction of an ImageMagick command line. **Recommendations** For Horde Image versions 2.0.0 through 2.5.1, update to version 2.5.2 to resolve the issue. As a temporary workaround, consider disabling the use of the "Im" backend or restricting access to the ` raw()` function until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** file versions prior to the version containing commit 35c94dc6acc418f1ad7f6241a6680e5327495793 **Description** The issue allows an attacker to overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This can be exploited by leveraging a specially crafted ELF binary. **Recommendations** For versions prior to the version containing commit 35c94dc6acc418f1ad7f6241a6680e5327495793, update to a version that includes the fix from commit 35c94dc6acc418f1ad7f6241a6680e5327495793 to resolve the issue. As a temporary workaround, consider restricting the use of the `file()` function with untrusted ELF binaries until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Horde Image versions prior to 2.5.0 **Description** A Denial of Service issue was discovered in Horde Image via a crafted URL to the "Null" image driver. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Horde Image versions prior to 2.5.0 **Description** A Remote Code Execution issue was discovered, which can be exploited via a crafted GET request. This issue requires authentication to be exploited. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** file versions prior to 5.21 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption or a crash. This can be achieved by providing a large number of program or section headers, or by utilizing invalid capabilities. **Recommendations** For versions prior to 5.21, update to version 5.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** File versions through 5.20 PHP version 5.4.34 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via a crafted ELF file. This is due to the donote function in readelf.c not ensuring sufficient note headers are present. **Recommendations** For File versions through 5.20, update to a version that fixes the donote function issue in readelf.c. For PHP version 5.4.34, consider disabling the Fileinfo component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Postfix versions prior to 2.5.13 Postfix versions 2.6.x prior to 2.6.10 Postfix versions 2.7.x prior to 2.7.4 Postfix versions 2.8.x prior to 2.8.3 **Description** The issue is related to the SMTP server in Postfix when certain Cyrus SASL authentication methods are enabled. It does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method. **Recommendations** For Postfix versions prior to 2.5.13, update to version 2.5.13 or later. For Postfix versions 2.6.x prior to 2.6.10, update to version 2.6.10 or later. For Postfix versions 2.7.x prior to 2.7.4, update to version 2.7.4 or later. For Postfix versions 2.8.x prior to 2.8.3, update to version 2.8.3 or later.