Aleksis Kauppinen

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.7.5 and earlier **Description** The issue allows remote attackers to cause a denial of service, potentially leading to memory corruption, and possibly execute arbitrary code. This is achieved through crafted offset and count values in the `ResolutionUnit` tag within the EXIF IFD0 of an image. **Recommendations** For ImageMagick versions 6.7.5 and earlier, update to a version later than 6.7.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.7.5 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and hang, by providing a crafted image. This image has an IFD that contains IOP tags, all of which reference the beginning of the IDF. **Recommendations** For ImageMagick versions 6.7.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.7.6-3 **Description** The issue allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. This occurs due to a problem in the GetEXIFProperty function in magick/property.c. **Recommendations** For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG files with potentially malformed EXIF tags until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.7.6-3 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, by utilizing a JPEG image with a crafted sequence of restart markers. This is related to the JPEGWarningHandler function in coders/jpeg.c. **Recommendations** For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.7.6-3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and crash, via a crafted EXIF IFD in a TIFF image. This is due to a problem in the TIFFGetEXIFProperties function in coders/tiff.c. **Recommendations** For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of TIFF images with crafted EXIF IFD to minimize the risk of exploitation.