Zz

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.4 snapshot-20171217 Q8 **Description** The issue is related to a heap-based buffer over-read in the ReadNewsProfile function, located in coders/tiff.c. This occurs because LocaleNCompare reads data from the heap beyond the allocated region. **Recommendations** For GraphicsMagick version 1.4 snapshot-20171217 Q8, consider applying a patch or fix that addresses the heap-based buffer over-read issue in the ReadNewsProfile function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-16 Q16 x86 64 **Description** The issue is related to a heap-based buffer over-read in the ReadOneMNGImage function, specifically in the coders/png.c file. This is caused by an off-by-one error related to length calculation. **Recommendations** For ImageMagick version 7.0.7-16 Q16 x86 64, consider updating to a newer version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-16 **Description** The issue is related to a stack-based buffer over-read in the WriteWEBPImage function in coders/webp.c. This is connected to a check for WEBP DECODER ABI VERSION. **Recommendations** For ImageMagick version 7.0.7-16, consider updating to a newer version to resolve the issue. As a temporary workaround, restrict the use of the WriteWEBPImage function in coders/webp.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.4 snapshot-20171217 Q8 **Description** The issue is related to a heap-based buffer over-read in the `ReadMNGImage` function, located in `coders/png.c`. This error can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For GraphicsMagick version 1.4 snapshot-20171217 Q8, consider disabling the `ReadMNGImage` function in `coders/png.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.