Ylwango613

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A missing consistency check allows a malicious authoritative server to send a specially crafted RPZ (Response Policy Zone), resulting in a null pointer dereference. This condition leads to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A rogue backend can send a crafted UDP response with a query ID off by one relative to the maximum configured value. This triggers an out-of-bounds write, which is a memory corruption error where data is written outside the intended boundary of a buffer, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerDNS Recursor (affected versions not specified) **Description** A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request. This occurs when the request is made via the `autoUpgrade` (Lua) option to newServer or the `auto upgrade` (YAML) settings. Discovery of Designated Resolvers (DDR) is a mechanism used by DNS clients to discover and upgrade to more secure resolver configurations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A cached crafted response can cause an out-of-bounds read, which occurs when a program reads data outside the intended boundary of a buffer. This happens if custom Lua code calls the functions `getDomainListByAddress()` or `getAddressListByDomain()` on a packet cache. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A missing consistency check allows an attacker to send replies that result in a null pointer dereference, which is an attempt to access memory through a null pointer, leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A client might theoretically cause a mismatch between queries sent to a backend and the received responses. This occurs when a flood of perfectly timed queries is routed to a TCP-only or DNS over TLS backend. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PowerDNS (affected versions not specified) **Description** A rogue primary server can cause file descriptor exhaustion, leading to a denial of service, when a PowerDNS secondary server forwards a DNS update request to it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A missing consistency check in the `zoneToCache()` function allows an attacker using a malicious authoritative server to send a zone that triggers a null pointer dereference, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined (affected versions not specified) **Description** Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xgrammar versions prior to 0.1.32 **Description** xgrammar, an open-source library for structured generation, experienced a segmentation fault due to multi-level nested syntax in versions prior to 0.1.32. This issue can lead to a denial-of-service condition. **Recommendations** Update to version 0.1.32 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. A heap buffer over-read issue arises when processing an image with small dimensions using the `-wavelet-denoise` operator. The issue manifests as an error during memory access, specifically a read of size 4 at a particular memory address. **Recommendations** Update ImageMagick to version 7.1.2-15 or later. Update ImageMagick to version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. A `continue` statement within the JPEG extent binary search loop in the jpeg encoder can cause an infinite loop when writing persistently fails. This can lead to 100% CPU consumption and a process hang, resulting in a denial of service. The issue is triggered by a crafted image. **Recommendations** Update to ImageMagick version 7.1.2-15 or later. Update to ImageMagick version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick, software for editing and manipulating digital images, has an issue with boundary checking when processing Huffman-coded data from PCD (Photo CD) files. The decoder contains a function with an incorrect initialization, potentially leading to an out-of-bounds read. **Recommendations** Update ImageMagick to version 7.1.2-15 or later. Update ImageMagick to version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crash can occur in the MSL interpreter when processing an invalid `<map>` element. This crash is caused by the interpreter using an image after it has been freed from memory. **Recommendations** Update ImageMagick to version 7.1.2-15 or later. Update ImageMagick to version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. A specially crafted profile containing invalid IPTC data can cause an infinite loop when writing it using the `IPTCTEXT` function. **Recommendations** Update to ImageMagick version 7.1.2-15 or later. Update to ImageMagick version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. A flaw exists where the software does not properly check for multi-layer nested mvg conversions to svg, potentially leading to a denial-of-service (DoS) condition. **Recommendations** Update ImageMagick to version 7.1.2-15 or later. Update ImageMagick to version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 **Description** ImageMagick is software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted PCD file lacking a valid Sync marker causes the `DecodeImage()` function to enter an infinite loop while searching for the marker. This results in the program becoming unresponsive and consuming CPU resources, potentially leading to system resource exhaustion and a denial of service. **Recommendations** Update to ImageMagick version 7.1.2-15 or later. Update to ImageMagick version 6.9.13-40 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 **Description** ImageMagick is software used for editing and manipulating digital images. A memory leak in the ASHLAR image writer allows an attacker to exhaust process memory by providing a crafted image that results in small objects being allocated but never freed. **Recommendations** Update to version 7.1.2-15 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.1.2-15 **Description** ImageMagick is software used for editing and manipulating digital images. The `WriteUHDRImage` function in `coders/uhdr.c` uses 32-bit integer arithmetic to calculate the pixel buffer size. When image dimensions are large, this calculation can overflow, resulting in an undersized heap allocation and an out-of-bounds write. This can crash the process or potentially lead to an out-of-bounds heap write. The vulnerable function is `WriteUHDRImage`. **Recommendations** Update to ImageMagick version 7.1.2-15 or later.