Littleputa

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-17 Q16 **Description** The issue concerns memory leaks in the ReadRLAImage function located in coders/rla.c. **Recommendations** For ImageMagick version 7.0.7-17 Q16, consider updating to a newer version that addresses the memory leaks in the ReadRLAImage function.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a heap-based buffer over-read in the `ReadRGBImage` function in `coders/rgb.c` of GraphicsMagick. This occurs via a crafted file, specifically affecting the `ImportRGBQuantumType` in `magick/import.c`. **Recommendations** For GraphicsMagick version 1.3.26, consider avoiding the use of the `ReadRGBImage` function until a patch is available. As a temporary workaround, restrict the processing of crafted files that could trigger the heap-based buffer over-read.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, via a crafted file. This is due to a heap-based buffer overflow in the `MagickBitStreamMSBWrite` function within the `bit stream.c` file. The vulnerability is related to the `WritePNMImage` function in `coders/pnm.c`. **Recommendations** For GraphicsMagick version 1.3.26, consider avoiding the use of the `WritePNMImage` function in `coders/pnm.c` until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a heap-based buffer over-read in the ReadCMYKImage function in GraphicsMagick. This occurs via a crafted file, specifically in the magick/import.c ImportCMYKQuantumType. **Recommendations** For GraphicsMagick version 1.3.26, consider avoiding the use of crafted files that may trigger the heap-based buffer over-read in the ReadCMYKImage function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a heap-based buffer over-read in the `ReadGRAYImage` function in `coders/gray.c` of GraphicsMagick. This occurs via a crafted file, specifically affecting the `ImportGrayQuantumType` in `magick/import.c`. **Recommendations** For GraphicsMagick version 1.3.26, consider avoiding the use of crafted files that may trigger the heap-based buffer over-read in the `ReadGRAYImage` function until a patch is available. As a temporary workaround, restrict the import of gray quantum types to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to a heap-based buffer over-read in the WriteOnePNGImage function, located in the coders/png.c file of GraphicsMagick. This occurs when processing a crafted file. **Recommendations** For GraphicsMagick version 1.3.26, consider updating to a newer version that contains a fix for this issue, as using a crafted file can lead to a heap-based buffer over-read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.9.9-24 ImageMagick versions 7.x prior to 7.0.7-12 **Description** The issue is related to a use-after-free in the `Magick::Image::read` function located in `Magick++/lib/Image.cpp`. **Recommendations** For ImageMagick versions prior to 6.9.9-24, update to version 6.9.9-24 or later. For ImageMagick versions 7.x prior to 7.0.7-12, update to version 7.0.7-12 or later.