Bryan Gonzalez

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the use of memory after it has been freed in the Win32k component of Windows operating systems. This can allow an attacker to elevate their privileges. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Bluetooth Driver (affected versions not specified) **Description** The vulnerability is related to insufficient protection of service data in the Windows Bluetooth Driver, which can allow a remote attacker to gain unauthorized access to protected information. It enables attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.1.0-49 **Description** The issue is related to resource management errors in the ImageMagick graphic editor. Exploitation of this issue may allow a remote attacker to cause a denial of service using the `profile` parameter. When ImageMagick parses a PNG image, for example, for resizing, the convert process could be left waiting for stdin input. **Recommendations** For ImageMagick versions 7.1.0-49, consider disabling the convert process for PNG images until a patch is available to prevent potential denial of service attacks. Restrict access to the `profile` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.1.0-49 **Description** The issue is related to errors in processing input data, which can allow a remote attacker to access protected information using the `profile` parameter. When ImageMagick parses a PNG image, the resulting image could have embedded the content of an arbitrary file if the magick binary has permissions to read it. **Recommendations** For ImageMagick version 7.1.0-49, consider disabling the processing of external PNG images until a patch is available. Restrict access to the `profile` parameter to minimize the risk of exploitation. Avoid using the `profile` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.