Iwashiira

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-0 ImageMagick versions prior to 6.9.13-26 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. A heap buffer overflow exists in the `InterpretImageFilename` function due to an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Recommendations: Update ImageMagick to version 7.1.2-0 or later. Update ImageMagick to version 6.9.13-26 or later.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-0 ImageMagick versions prior to 6.9.13-26 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. In the `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Recommendations: Update ImageMagick to version 7.1.2-0 or later. Update ImageMagick to version 6.9.13-26 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-0 ImageMagick versions prior to 6.9.13-26 **Description** ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, specifying multiple consecutive `%d` format specifiers in a filename template within the `magick mogrify` command causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through the `vsnprintf()` function. **Recommendations** ImageMagick versions prior to 7.1.2-0: Upgrade to version 7.1.2-0 or later. ImageMagick versions prior to 6.9.13-26: Upgrade to version 6.9.13-26 or later.

**Name of the Vulnerable Software and Affected Versions** tsMuxer version nightly-2024-03-14-01-51-12 **Description** A stack-based buffer over-read in tsMuxer allows attackers to cause Information Disclosure via a crafted TS video file. **Recommendations** For tsMuxer version nightly-2024-03-14-01-51-12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tsMuxer version nightly-2024-03-14-01-51-12 **Description** A heap-based buffer overflow in tsMuxer allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. **Recommendations** For tsMuxer version nightly-2024-03-14-01-51-12, consider avoiding the use of crafted MOV video files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: tsMuxer version nightly-2024-05-12-02-01-18 Description: A heap-based buffer overflow in tsMuxer allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. This issue can be exploited by attackers, but there is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Recommendations: For tsMuxer version nightly-2024-05-12-02-01-18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.