Alwin Peppels

Name of the Vulnerable Software and Affected Versions: Kubik-Rubik SIGE (aka Simple Image Gallery Extended) versions prior to 3.3.0 Description: The issue allows attackers to execute JavaScript in a victim's browser. This is achieved by having the victim visit a crafted link, specifically a 'plugins/content/sige/plugin sige/print.php' link, with malicious `img`, `name`, or `caption` parameters. Recommendations: For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'plugins/content/sige/plugin sige/print.php' endpoint or avoiding the use of the `img`, `name`, and `caption` parameters in this context until the update is applied.

**Name of the Vulnerable Software and Affected Versions** APNGDis versions 2.8 and earlier **Description** A buffer overflow issue allows remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor. **Recommendations** For APNGDis versions 2.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** APNGDis versions 2.8 and earlier **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk. **Recommendations** For APNGDis versions 2.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** APNGDis versions 2.8 and below **Description** A buffer overflow issue allows a remote attacker to execute arbitrary code via a crafted filename. **Recommendations** For APNGDis versions 2.8 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 18.1.5.705 **Description** The issue arises from improper handling of a repeating VRAT chunk in qcpfformat.dll, which allows attackers to cause a Null pointer dereference and crash through a crafted .QCP media file. **Recommendations** For version 18.1.5.705, update to a newer version to mitigate the risk.