Jin-156

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-28 ImageMagick versions prior to 7.1.2-2 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Passing a geometry string containing only a colon (":") to the `montage` function with the `-geometry` option leads `GetGeometry()` to set width/height to 0. Subsequently, `ThumbnailImage()` divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. Recommendations: Update ImageMagick to version 6.9.13-28 or later. Update ImageMagick to version 7.1.2-2 or later.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-28 ImageMagick versions prior to 7.1.2-2 Description: ImageMagick is software used for editing and manipulating digital images. A format string bug exists in the `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString` without proper sanitization. This can allow an attacker to overwrite arbitrary memory regions, potentially leading to heap overflow and remote code execution. Recommendations: Update ImageMagick to version 6.9.13-28 or later. Update ImageMagick to version 7.1.2-2 or later.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-0 Description: ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 experience infinite lines during a specific XMP file conversion command when writing. Recommendations: Update to version 7.1.2-0 or later.