Owensanzas

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-13 **Description** ImageMagick is software used for editing and manipulating digital images. Versions before 7.1.2-13 are susceptible to a stack overflow due to infinite recursion within the MSL (Magick Scripting Language) `<write>` command when writing to MSL format. The issue is addressed in version 7.1.2-13. **Recommendations** Update to version 7.1.2-13 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 14.10.1 and below ImageMagick version 7.x **Description** ImageMagick, a free and open-source software for editing and manipulating digital images, contains a NULL pointer dereference issue in the MSL (Magick Scripting Language) parser. This occurs when processing `<comment>` tags before images are loaded. The issue can lead to a denial of service (DoS) attack due to assertion failure in debug builds or a NULL pointer dereference in release builds. The root cause is a missing NULL check when deleting an image property within the MSL parser. The vulnerability affects applications using ImageMagick to process user-supplied MSL files. **Recommendations** Update to ImageMagick version 14.10.2 or later. For ImageMagick version 7.x, there is no information about a newer version that contains a fix for this vulnerability.