
Noirfate

#20012 of 53,632
13 CVSS total
Vulnerabilities · 2
Medium
2
PT-2017-13806
6.5
2017-10-02
Freetype · Freetype 2 · CVE-2017-14989
**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-4 Q16

**Description** A use-after-free issue in the RenderFreetype function in MagickCore/annotate.c allows attackers to crash the application through a crafted font file. The cause is an incorrectly placed call to FreeType 2's `FT_Done_Glyph` function in the ImageMagick code.

**Recommendations** For ImageMagick version 7.0.7-4 Q16, as a temporary workaround, consider restricting the use of crafted font files to minimize the risk of application crashes until a patch is available.
PT-2017-4125
6.5
2017-09-21
Imagemagick · Imagemagick · CVE-2017-14741
**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-3

**Description** The ReadCAPTIONImage function in coders/caption.c can enter an infinite loop, leading to a denial of service. A remote attacker can trigger this with a specially crafted font file.

**Recommendations** For ImageMagick version 7.0.7-3, consider disabling the ReadCAPTIONImage function as a temporary workaround until a patch is available. Restrict access to the coders/caption.c component to minimize the risk of exploitation. Avoid using specially crafted font files in the affected function until the issue is resolved.