Shqking

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.12.10 **Description** The issue is related to an integer overflow in the `qla2x00 sysfs write optrom ctl` function, which can be exploited by local users with root access to cause a denial of service, resulting in memory corruption and system crash. **Recommendations** For Linux kernel versions prior to 4.12.10, update to version 4.12.10 or later to resolve the issue. As a temporary workaround, consider restricting root access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.6-1 Q16 **Description** The issue is related to a lack of an EOF (End of File) check in the ReadXBMImage() function, which can cause huge CPU consumption. This occurs when a crafted XBM file with large rows and columns fields in the header but insufficient backing data is provided, leading to a loop over the rows that consumes significant CPU resources. **Recommendations** For ImageMagick version 7.0.6-1 Q16, consider disabling the ReadXBMImage() function until a patch is available to prevent potential denial of service attacks. Restrict access to XBM files to minimize the risk of exploitation. Avoid using the `ReadXBMImage()` function with untrusted input files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.7-0 Q16 **Description** The issue is related to errors in resource management in the ReadPSDLayersInternal function of the ImageMagick console graphic editor. Exploitation of this issue may allow a remote attacker to cause significant CPU consumption and denial of service using a specially crafted PSD file. This file requires a large length field in the header but does not contain sufficient backing data, leading to a loop that consumes significant CPU resources due to the lack of an End of File (EOF) check. **Recommendations** For ImageMagick version 7.0.7-0 Q16, consider disabling the ReadPSDLayersInternal function as a temporary workaround until a patch is available. Restrict access to PSD files that may trigger this issue to minimize the risk of exploitation. Avoid using PSD files with large length fields in the header that do not contain sufficient backing data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-0 Q16 **Description** The issue is related to a lack of an EOF (End of File) check in the ReadPSImage() function, which can cause huge CPU consumption. This occurs when a crafted PSD file with a large "extent" field in the header but insufficient backing data is provided, leading to a loop that consumes significant CPU resources. The vulnerability can be exploited by a remote attacker to cause a denial of service by consuming computational resources. **Recommendations** For ImageMagick version 7.0.7-0 Q16, consider disabling the ReadPSImage() function as a temporary workaround until a patch is available to prevent the exploitation of this issue. Restrict access to PSD files to minimize the risk of exploitation. Avoid using the `length` variable in the affected loop until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.6 through 7.0.10 **Description** The issue is related to an integer overflow in the `ReadTXTImage()` function of the `coders/txt.c` component in ImageMagick. This overflow can occur when a large `depth` value is used in the `GetQuantumRange(depth)+1` operation, resulting in a smaller value than expected. As a consequence, an infinite loop can be triggered by a crafted TXT file that claims a very large `max value`. This allows a remote attacker to cause a denial of service. **Recommendations** For ImageMagick versions 7.0.6 through 7.0.10, consider disabling the `ReadTXTImage()` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vim versions prior to 8.0.0322 **Description** The issue arises from improper validation of tree length values when handling a spell file, potentially leading to an integer overflow at a memory allocation site and a resultant buffer overflow. **Recommendations** For versions prior to 8.0.0322, update to a version that includes patch 8.0.0322 or later to resolve the issue.