Bastien Roucaries

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.9-0 and 7.0.6-1 **Description** A crafted PNG file could trigger a crash in ImageMagick due to an insufficient check for short files. **Recommendations** For versions prior to 6.9.9-0, update to version 6.9.9-0 or later. For versions prior to 7.0.6-1, update to version 7.0.6-1 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.8-5 ImageMagick versions 7.x prior to 7.0.5-6 **Description** There is a memory leak in the ReadMATImage function in coders/mat.c. **Recommendations** For versions prior to 6.9.8-5, update to version 6.9.8-5 or later. For versions 7.x prior to 7.0.5-6, update to version 7.0.5-6 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.9-3 and 7.0.6-3 **Description** The issue is related to a missing NULL check in the `ReadMATImage` function in `coders/mat.c`, which can be exploited by a remote attacker to cause a denial of service. This results in an assertion failure and application exit in the `DestroyImageInfo` function in `MagickCore/image.c`. **Recommendations** For ImageMagick versions prior to 6.9.9-3, update to version 6.9.9-3 or later. For ImageMagick versions prior to 7.0.6-3, update to version 7.0.6-3 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.9-0 ImageMagick versions 7.x prior to 7.0.6-1 **Description** The issue is related to an out-of-bounds read in the ReadOneMNGImage function, located in coders/png.c. This function is part of the ImageMagick console graphic editor. The out-of-bounds read occurs with the MNG CLIP chunk. Exploitation of this issue may allow a remote attacker to perform an out-of-bounds memory read. **Recommendations** For ImageMagick versions prior to 6.9.9-0, update to version 6.9.9-0 or later. For ImageMagick versions 7.x prior to 7.0.6-1, update to version 7.0.6-1 or later.