Lcatro

**Name of the Vulnerable Software and Affected Versions** SWFTools (affected versions not specified) **Description** An address access exception was found in the swfdump function swf GetBits(). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SWFTools (affected versions not specified) **Description** A memcpy buffer overflow issue was discovered in the swfc component of SWFTools. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SWFTools (affected versions not specified) **Description** A memory leak was found in the wav2swf component of SWFTools. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SWFTools (affected versions not specified) **Description** A memcpy buffer overflow issue was discovered in the gif2swf component of SWFTools. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SWFTools (affected versions not specified) **Description** A stack overflow issue was discovered in the pdf2swf component of SWFTools. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SWFTools (affected versions not specified) **Description** An address access exception was found in the pdf2swf component of SWFTools, specifically in the FoFiTrueType::writeTTF() function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6-1 **Description** The issue is caused by a buffer over-read in memory when converting a file, related to the WriteCIPImage() function in coders/cip.c and the GetPixelLuma function in MagickCore/pixel-accessor.h. This can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service. **Recommendations** For ImageMagick version 7.0.6-1, consider disabling the `WriteCIPImage()` function or restricting the use of the `GetPixelLuma` function in MagickCore/pixel-accessor.h until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue arises when ImageMagick processes a crafted file, leading to an address access exception in the `WritePTIFImage()` function. This is caused by a buffer overflow during file conversion, which can be exploited by a remote attacker to cause an exception. **Recommendations** For ImageMagick version 7.0.6-1, consider disabling the `WritePTIFImage()` function in coders/tiff.c as a temporary workaround until a patch is available. Restrict access to the convert function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue is related to a memory leak that occurs when ImageMagick processes a crafted file using the `convert` function. This memory leak is caused by a buffer overflow in the `ReadMATImage()` function, located in `coders/mat.c`. The exploitation of this issue can allow a remote attacker to cause a memory leak. **Recommendations** For ImageMagick version 7.0.6-1, consider disabling the `ReadMATImage()` function in `coders/mat.c` as a temporary workaround to minimize the risk of exploitation. Restrict access to the `convert` function to prevent remote attackers from exploiting the memory leak. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue occurs when ImageMagick processes a crafted file in convert, leading to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. **Recommendations** For ImageMagick version 7.0.6-1, consider updating to a newer version that contains a fix for this issue, as using the WriteJP2Image() function in coders/jp2.c may pose a risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue occurs when ImageMagick processes a crafted file in convert, leading to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. **Recommendations** For ImageMagick version 7.0.6-1, consider updating to a newer version that contains a fix for this issue, as using the WriteOnePNGImage() function in coders/png.c can lead to a memory leak when processing crafted files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue arises when ImageMagick processes a crafted file using the convert function, leading to a memory leak in the ReadOnePNGImage() function located in coders/png.c. **Recommendations** For ImageMagick version 7.0.6-1, consider updating to a newer version that contains a fix for this issue, as using the current version may pose a risk due to the memory leak in the ReadOnePNGImage() function.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue arises when ImageMagick processes a crafted file, leading to a heap-based buffer over-read in the `GetPixelIndex()` function. This function is called from the `WritePICONImage` function in coders/xpm.c. **Recommendations** For ImageMagick version 7.0.6-1, consider restricting access to the `convert` function until a patch is available. As a temporary workaround, avoid using the `GetPixelIndex()` function or the `WritePICONImage` function in coders/xpm.c to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6-1 **Description** The issue is caused by a buffer overflow in memory, potentially allowing a remote attacker to cause a memory leak in the `WriteHISTOGRAMImage()` function in `coders/histogram.c`. This can occur when processing a crafted file in the convert function. **Recommendations** For ImageMagick version 7.0.6-1, consider restricting access to the `WriteHISTOGRAMImage()` function in `coders/histogram.c` until a patch is available. Avoid using the convert function with untrusted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.9.9-0 through 6.9.9-0 and 7.0.0 through 7.0.6-1 **Description** The issue allows remote attackers to cause a denial of service via a crafted file, specifically through a NULL pointer dereference in the WriteOnePNGImage function in coders/png.c. **Recommendations** For ImageMagick versions 6.9.9-0 and 7.0.0 through 7.0.6-1, consider disabling the WriteOnePNGImage function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 **Description** The issue arises when ImageMagick processes a crafted file, leading to a Floating Point Exception (FPE) in the WritePALMImage() function. This is related to an incorrect bits-per-pixel calculation. **Recommendations** For ImageMagick version 7.0.6-1, consider disabling the WritePALMImage() function as a temporary workaround until a patch is available. Restrict access to the convert function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue arises from insufficient input validation in the WriteMAPImage() function, located in coders/map.c, when handling non-colormapped images. This can potentially allow a remote attacker to execute arbitrary code. **Recommendations** For GraphicsMagick version 1.3.26, as a temporary workaround, consider disabling the WriteMAPImage() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a NULL pointer dereference in the `WriteMAPImage()` function, located in `coders/map.c`, which occurs when processing a non-colormapped image. This could potentially allow a remote attacker to execute arbitrary code. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the `WriteMAPImage()` function as a temporary workaround until a patch is available. Restrict access to the `coders/map.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a NULL pointer dereference in the `WritePCLImage()` function during writes of monochrome images. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the `WritePCLImage()` function as a temporary workaround until a patch is available. Restrict access to the `coders/pcl.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a memory leak in the PersistCache function of the GraphicsMagick library. This occurs due to a resource not being released after its expiration. An attacker could exploit this to cause a denial of service (memory leak) remotely. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the PersistCache function as a temporary workaround until a patch is available. Restrict access to the `magick/pixel cache.c` module to minimize the risk of exploitation. Avoid using the PersistCache function for writing Magick Persistent Cache (MPC) files until the issue is resolved.