Donghai Zhu

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in object handling in memory within the Win32k component of the Windows operating system. This can allow a remote attacker to elevate their privileges. An elevation-of-privilege issue affects the system, allowing attackers to impact it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.5-8 **Description** The issue is related to a buffer overflow in the `sixel decode` function, which can be exploited by remote attackers using a crafted file. This can cause a denial of service, resulting in an application crash, and may have other unspecified impacts. **Recommendations** For versions prior to 6.9.5-8, update to version 6.9.5-8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `sixel decode` function in the `coders/sixel.c` file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.5-8 **Description** The issue is caused by a buffer overflow in the `WritePDBImage` function in `coders/pdb.c`, allowing remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. This can be exploited by an attacker to disrupt service. **Recommendations** For versions prior to 6.9.5-8, update to version 6.9.5-8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `WritePDBImage` function in `coders/pdb.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.5-8 **Description** The issue is related to a buffer overflow in the `WriteMAPImage` function in `coders/map.c`. This can be exploited by remote attackers using a crafted file, potentially causing a denial of service (application crash) or having other unspecified impacts. **Recommendations** For versions prior to 6.9.5-8, update to version 6.9.5-8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `WriteMAPImage` function in `coders/map.c` to minimize the risk of exploitation. Avoid using the vulnerable function with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.5-8 **Description** The issue is related to the WriteTIFFImage function in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file, resulting in a divide-by-zero error and application crash. **Recommendations** For versions prior to 6.9.5-8, update to version 6.9.5-8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the WriteTIFFImage function until a patch is applied. Avoid processing untrusted or specially crafted TIFF files with the affected ImageMagick versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.5-8 **Description** The issue is caused by a buffer overflow in the `WriteGROUP4Image` function. This can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service (application crash) or other unspecified impacts. **Recommendations** For versions prior to 6.9.5-8, update to version 6.9.5-8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `WriteGROUP4Image` function until a patch is available. Avoid using specially crafted files that could trigger the buffer overflow in the affected function.

**Name of the Vulnerable Software and Affected Versions** Xen versions 4.5.x and earlier QEMU (affected versions not specified) **Description** The issue is related to insufficient access control in the QEMU component of the Xen hypervisor, allowing a local attacker to gain privileges by exploiting a use-after-free vulnerability. This can be achieved by unplugging a block device twice, which may enable the attacker to perform actions such as disconnecting block devices. **Recommendations** For Xen versions 4.5.x and earlier, consider restricting access to the block device unplugging functionality until a patch is available. As a temporary workaround, avoid unplugging block devices twice in the affected QEMU component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to the version used in Xen 4.6 Xen versions 4.5.x and earlier **Description** The issue is related to the C+ mode offload emulation in the RTL8139 network card device model in QEMU. It allows remote attackers to read process heap memory via unspecified vectors. This could potentially enable an attacker to read data from memory. Additionally, it has been noted that a user on a guest virtual machine could read uninitialized QEMU memory on the switch and potentially run arbitrary code. **Recommendations** For QEMU versions prior to the version used in Xen 4.6: Update to a version used in Xen 4.6 or later to resolve the issue. For Xen versions 4.5.x and earlier: Upgrade to Xen 4.6 or later to address the vulnerability. As a temporary workaround, consider restricting access to the RTL8139 network card device model in QEMU until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xen versions 4.1.x through 4.5.x **Description** A stack-based buffer overflow issue exists in the xl command line utility. This allows local guest administrators to potentially gain privileges by providing a long configuration argument. **Recommendations** For Xen versions 4.1.x through 4.5.x, consider restricting access to the xl command line utility until a patch is available. As a temporary workaround, avoid using long configuration arguments with the xl utility to minimize the risk of exploitation.