Zongming Wang

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is caused by multiple memory corruption problems, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. This is due to a buffer overflow in the WebKit display module, allowing a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-3 Q16 **Description** The issue is related to the functions `ReadBMPImage` and `WriteBMPImage` in `coders/bmp.c`, which allow attackers to cause an out of bounds write via a crafted file. This can potentially enable a remote attacker to execute arbitrary code using a specially crafted file. **Recommendations** For ImageMagick version 7.0.8-3 Q16, consider disabling the `ReadBMPImage` and `WriteBMPImage` functions in `coders/bmp.c` as a temporary workaround until a patch is available. Restrict access to handling BMP files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-3 Q16 **Description** The issue is related to the ReadDIBImage and WriteDIBImage functions in the coders/dib.c file of the ImageMagick console graphic editor. It involves a buffer overflow, where writing beyond the memory buffer boundaries can occur. This can be exploited by a remote attacker using a specially crafted file, potentially allowing them to execute arbitrary code. **Recommendations** For ImageMagick version 7.0.8-3 Q16, consider disabling the ReadDIBImage and WriteDIBImage functions in coders/dib.c as a temporary workaround until a patch is available. Restrict access to these functions to minimize the risk of exploitation. Avoid using crafted files that could trigger the out of bounds write vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-37 Q16 **Description** The issue allows attackers to cause a heap-based buffer over-read via a crafted file, specifically through the SetGrayscaleImage function in the quantize.c file. **Recommendations** For ImageMagick version 7.0.7-37 Q16, consider avoiding the use of the SetGrayscaleImage function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.