Yangy-Xiao

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-50 **Description** The issue is related to a "use of uninitialized value" in the `ReadCUTImage` function in `coders/cut.c`. It is also described as a vulnerability due to insufficient input validation in the `ReadCUTImage` function, which could allow a remote attacker to access confidential information or cause a denial of service. **Recommendations** For versions prior to 7.0.8-50, update to version 7.0.8-50 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ReadCUTImage` function in `coders/cut.c` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-50 **Description** The issue is related to a memory leak in the ReadBMPImage function located in coders/bmp.c. **Recommendations** For versions prior to 7.0.8-50, update to version 7.0.8-50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-50 **Description** The issue is related to a memory leak in the ReadPSImage function in coders/ps.c. **Recommendations** For versions prior to 7.0.8-50, update to version 7.0.8-50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-50 **Description** The issue is related to a memory leak in the function ReadVIFFImage in coders/viff.c. **Recommendations** For versions prior to 7.0.8-50, update to version 7.0.8-50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-34 **Description** The issue is related to the use of an uninitialized value in the WriteJP2Image function in coders/jp2.c. This vulnerability is associated with incorrect initialization, which can be exploited by a remote attacker to gain access to confidential information or cause a denial of service. **Recommendations** For ImageMagick version 7.0.8-34, consider disabling the WriteJP2Image function in coders/jp2.c as a temporary workaround until a patch is available. Restrict access to the jp2.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-34 **Description** The issue is related to a memory leak in the ReadPCLImage function, located in coders/pcl.c. **Recommendations** For ImageMagick version 7.0.8-34, consider updating to a newer version that addresses the memory leak issue in the ReadPCLImage function.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-34 **Description** The issue is related to a memory leak in the WriteDPXImage function, located in coders/dpx.c. **Recommendations** For ImageMagick version 7.0.8-34, consider updating to a newer version that contains a fix for this memory leak issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-34 **Description** The issue is related to the use of an uninitialized value in the `SyncImageSettings` function in `MagickCore/image.c`, which is also connected to `AcquireImage` in `magick/image.c`. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For ImageMagick version 7.0.8-34, consider disabling the `SyncImageSettings` function as a temporary workaround until a patch is available. Restrict access to the `MagickCore/image.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-34 **Description** The issue is related to the use of an uninitialized value in the ReadPANGOImage function in coders/pango.c, which can lead to incorrect initialization. This can potentially allow a remote attacker to access confidential information or cause a denial of service. **Recommendations** For ImageMagick version 7.0.8-34, consider disabling the ReadPANGOImage function in coders/pango.c as a temporary workaround until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-50 **Description** The issue is caused by an integer overflow in the TIFFSeekCustomStream function. This can be exploited by a remote attacker to cause a denial of service by providing large input data. **Recommendations** For versions prior to 7.0.8-50, update to version 7.0.8-50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8 through 7.0.11 **Description** The issue is related to a missing check for length in the `ReadDCMImage` and `ReadPICTImage` functions, which can be exploited by remote attackers to cause a denial of service via a crafted image. This is due to insufficient input validation, allowing an attacker to disrupt service with a specially crafted file. **Recommendations** For ImageMagick versions 7.0.8 through 7.0.11, consider disabling the `ReadDCMImage` and `ReadPICTImage` functions until a patch is available to prevent potential denial of service attacks. Restrict access to the `coders/dcm.c` and `coders/pict.c` modules to minimize the risk of exploitation. Avoid using these functions with untrusted image files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-5 **Description** The issue is related to a memory leak in the function ReadOneJNGImage, located in coders/png.c. **Recommendations** For ImageMagick version 7.0.8-5, consider updating to a newer version that addresses the memory leak issue in the ReadOneJNGImage function.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-6 **Description** The issue is related to a memory leak in the TIFFWritePhotoshopLayers function, located in coders/tiff.c. **Recommendations** For ImageMagick version 7.0.8-6, consider updating to a newer version that addresses the memory leak issue in the TIFFWritePhotoshopLayers function.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8 through 7.0.11 **Description** The issue is related to excessive memory allocation in the `ReadBMPImage` and `ReadDIBImage` functions, which can be exploited by remote attackers to cause a denial of service using a specially crafted image file. This can lead to a denial of service. **Recommendations** For ImageMagick versions 7.0.8 through 7.0.11, consider updating to a version that fixes the excessive memory allocation issue in the `ReadBMPImage` and `ReadDIBImage` functions to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.3.0 **Description** An issue in OpenJPEG allows for a heap-based buffer overflow due to missing checks for `header info.height` and `header info.width` in the `pnmtoimage` function in `bin/jpwl/convert.c`. **Recommendations** For OpenJPEG version 2.3.0, consider applying checks for `header info.height` and `header info.width` in the `pnmtoimage` function to prevent the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.3.0 **Description** A heap-based buffer overflow was discovered in the `t2 encode packet` function in `lib/openmj2/t2.c`, causing an out-of-bounds write. This may lead to remote denial of service or possibly other unspecified impact. **Recommendations** For OpenJPEG version 2.3.0, as a temporary workaround, consider disabling the `t2 encode packet` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 2.3.0 **Description** The issue is related to division-by-zero errors in the `pi next pcrl`, `pi next cprl`, and `pi next rpcl` functions in the `lib/openjp3d/pi.c` file of the OpenJPEG library. This can be exploited by a remote attacker to cause a denial of service, resulting in an application crash. **Recommendations** For OpenJPEG versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider disabling the `pi next pcrl`, `pi next cprl`, and `pi next rpcl` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-4 **Description** The issue is related to the functions `ReadDCMImage`, `ReadPWPImage`, `ReadCALSImage`, and `ReadPICTImage` in the components `coders/dcm.c`, `coders/pwp.c`, `coders/cals.c`, and `coders/pict.c`, which do not check the return value of the `fputc` function. This allows remote attackers to cause a denial of service via a crafted image file. The exploitation of this issue can lead to a disruption in service. **Recommendations** For ImageMagick version 7.0.8-4, consider disabling the functions `ReadDCMImage`, `ReadPWPImage`, `ReadCALSImage`, and `ReadPICTImage` until a patch is available to prevent potential denial of service attacks. Restrict access to the components `coders/dcm.c`, `coders/pwp.c`, `coders/cals.c`, and `coders/pict.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue is related to a heap-based buffer over-read in the `Exiv2::Internal::PngChunk::keyTXTChunk` function of `pngchunk int.cpp`. This can be exploited by a crafted PNG file, potentially leading to a remote denial of service attack. The vulnerability is associated with a buffer overflow, which may allow a remote attacker to cause a service disruption. **Recommendations** For Exiv2 version 0.26, consider applying a patch or fix that addresses the heap-based buffer over-read in the `Exiv2::Internal::PngChunk::keyTXTChunk` function to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.1.2 **Description** The issue is related to a NULL pointer dereference in the `imagetobmp` function of `convertbmp.c` at line 980. Specifically, `image->comps[0].data` is not assigned a value after initialization, which remains `NULL`. This results in a Denial of Service impact. **Recommendations** For OpenJPEG version 2.1.2, as a temporary workaround, consider disabling the `imagetobmp` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.