Boo0M

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.x through 6.9.10-41 ImageMagick versions 7.x through 7.0.8-41 **Description** The issue is related to a use after free vulnerability in the UnmapBlob function. This vulnerability allows an attacker to cause a denial of service by sending a crafted file. **Recommendations** For ImageMagick versions 6.x through 6.9.10-41, update to version 6.9.10-42 or later. For ImageMagick versions 7.x through 7.0.8-41, update to version 7.0.8-42 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.0 through 7.0.8-40 ImageMagick versions 6.0.0 through 6.9.10-40 **Description** The issue is related to a divide-by-zero vulnerability in the `MeanShiftImage` function. This vulnerability allows an attacker to cause a denial of service by sending a crafted file, potentially leading to a remote disruption of service. **Recommendations** For ImageMagick versions 7.0.0 through 7.0.8-40, update to version 7.0.8-41 or later. For ImageMagick versions 6.0.0 through 6.9.10-40, update to version 6.9.10-41 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-8 **Description** A NULL pointer dereference issue exists in the CheckEventLogging function in MagickCore/log.c. **Recommendations** For versions prior to 7.0.8-8, update to version 7.0.8-8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-8 **Description** The issue is related to a NULL pointer dereference in the GetMagickProperty function in MagickCore/property.c. This could allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 7.0.8-8, update to version 7.0.8-8 or later to resolve the issue. As a temporary workaround, consider restricting access to the GetMagickProperty function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-7 **Description** The issue is related to the `ReadMATImageV4` function in the `coders/mat.c` component of ImageMagick, which uses an uninitialized variable. This leads to memory corruption. Exploitation of the issue allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For ImageMagick version 7.0.8-7, consider disabling the `ReadMATImageV4` function as a temporary workaround until a patch is available. Restrict access to the `coders/mat.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.