Laszlo Boszormenyi

Name of the Vulnerable Software and Affected Versions: GraphicsMagick versions prior to 8e56520 Description: The issue is related to a heap-based buffer over-read in the ReadJXLImage function in coders/jxl.c, which is connected to an ImportViewPixelArea call. Recommendations: For versions prior to 8e56520, update to a version that includes the fix for the heap-based buffer over-read issue.

**Name of the Vulnerable Software and Affected Versions** GNU patch versions 2.7.2 and earlier **Description** The issue is related to errors in resource management, specifically memory consumption, which can lead to a denial of service. This can be triggered by a remote attacker using a crafted diff file, resulting in a segmentation fault. The estimated number of potentially affected devices is not specified. **Recommendations** For GNU patch versions 2.7.2 and earlier, update to a version later than 2.7.2 to resolve the issue. As a temporary workaround, consider restricting the use of crafted diff files to minimize the risk of exploitation.