Cristy

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.13-44 ImageMagick versions prior to 7.1.2-19 **Description** A heap use-after-free issue occurs when reading and printing values from an invalid XMP profile, which can lead to a crash. **Recommendations** Update to version 6.9.13-44 or later. Update to version 7.1.2-19 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.1-44 **Description** The issue is related to the mishandling of `packet size` in multispectral MIFF image processing, which is connected to the rendering of all channels in an arbitrary order. **Recommendations** For versions prior to 7.1.1-44, update to version 7.1.1-44 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.9-0 **Description** The issue is related to the implementation of XML PARSE HUGE in the ImageMagick console graphic editor, specifically in the coders/svg.c file, and is connected to insufficient input validation. This can be exploited by a remote attacker to cause a denial of service, potentially related to SVG and libxml2. **Recommendations** For versions prior to 7.0.9-0, update to version 7.0.9-0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.4-5 **Description** The issue is related to a buffer overflow in the `magick/memory.c` file of ImageMagick, which can be triggered by "too many exceptions" vectors, leading to a denial of service (application crash). This can be exploited by remote attackers. **Recommendations** For versions prior to 6.9.4-5, update to version 6.9.4-5 or later to resolve the issue. As a temporary workaround, consider restricting the input to prevent the buffer overflow until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.4-0 ImageMagick versions 7.x prior to 7.0.1-2 **Description** The issue concerns the DrawDashPolygon function in MagickCore/draw.c, which mishandles calculations of certain vertices integer data. This can be exploited by remote attackers via a crafted file, leading to a denial of service (buffer overflow and application crash) or possibly other unspecified impacts. **Recommendations** For ImageMagick versions prior to 6.9.4-0, update to version 6.9.4-0 or later. For ImageMagick versions 7.x prior to 7.0.1-2, update to version 7.0.1-2 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.4-0 ImageMagick versions 7.x prior to 7.0.1-2 **Description** The issue is related to the DrawImage function in MagickCore/draw.c, which makes an incorrect function call when attempting to locate the next token. This can be exploited by remote attackers using a crafted file, potentially causing a denial of service due to a buffer overflow and application crash, or possibly having other unspecified impacts. **Recommendations** For ImageMagick versions prior to 6.9.4-0, update to version 6.9.4-0 or later. For ImageMagick versions 7.x prior to 7.0.1-2, update to version 7.0.1-2 or later.