Yan-1-20

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8 through 7.0.11 **Description** The issue is caused by a heap-based buffer over-read in the `PushShortPixel` function, located in `MagickCore/quantum-private.h`, which can be exploited by a remote attacker to execute arbitrary code. This function is called from the `ParseImageResourceBlocks` function in `coders/psd.c`. **Recommendations** For ImageMagick versions 7.0.8 through 7.0.11, consider disabling the `PushShortPixel` function as a temporary workaround until a patch is available. Restrict access to the `ParseImageResourceBlocks` function in `coders/psd.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-11 Q16 **Description** The issue is related to a heap-based buffer over-read in the `ParseImageResourceBlocks` function, located in `coders/psd.c`. This can be exploited by a remote attacker to cause a denial of service or potentially execute arbitrary code. **Recommendations** For ImageMagick version 7.0.8-11 Q16, consider disabling the `ParseImageResourceBlocks` function as a temporary workaround until a patch is available. Restrict access to the `coders/psd.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.