Marckwei

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. A heap out-of-bounds read issue exists in the `coders/dcm.c` module when processing DICOM files with a specific configuration. The decoder loop incorrectly reads bytes per iteration, causing it to read past the end of the allocated buffer. This can lead to a Denial of Service (crash) or Information Disclosure (leaking heap memory into the image). **Recommendations** Update ImageMagick to version 7.1.2-15 or later. Update ImageMagick to version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** Suricata versions prior to 8.0.3 Suricata versions prior to 7.0.14 **Description** Specially crafted network traffic can cause Suricata to consume excessive memory when parsing DNP3 traffic. This can lead to performance degradation and potential process termination due to out-of-memory (OOM) conditions. The issue affects Suricata when processing DNP3 traffic. As a temporary measure, disabling the DNP3 parser in the Suricata configuration file can mitigate the problem. **Recommendations** Update to Suricata version 8.0.3 or later. Update to Suricata version 7.0.14 or later. As a temporary workaround, disable the DNP3 parser in the Suricata configuration file.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 1a2c047 **Description** A segmentation violation was discovered in Jerryscript via the component build/bin/jerry. **Recommendations** For Jerryscript version 1a2c047, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OAID Tengine lite version v1.0 **Description** The serializer module in OAID Tengine lite has a reported Buffer Overflow issue, which can cause a crash. However, there is some uncertainty regarding the existence of proof for this overflow. **Recommendations** For OAID Tengine lite version v1.0, consider disabling the serializer module as a temporary workaround until a patch is available. Restrict access to the serializer module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** struct2json versions prior to 2020-11-18 **Description** The issue is related to a Buffer Overflow caused by the use of strcpy for S2J STRUCT GET string ELEMENT. **Recommendations** For versions prior to 2020-11-18, update to a version released after 2020-11-18 to resolve the issue.