Asarubbo

**Nome do software vulnerável e versões afetadas** drachtio-server versão 0.8.18 **Descrição** O problema está relacionado a um erro de uso após liberação de memória (use-after-free) na função `event cb`, localizada no arquivo `request-handler.cpp`, para qualquer solicitação. **Recomendações** Para a versão 0.8.18 do drachtio-server, considere desativar a função `event cb` no `request-handler.cpp` como uma solução temporária até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** A NULL pointer dereference was discovered in the `AP4 AtomSampleTable::GetSample` function in `Core/Ap4AtomSampleTable.cpp`, which causes a segmentation fault and application crash. This leads to a remote denial of service. **Recommendations** For Bento4 version 1.5.0-617, consider applying a patch or fix to resolve the NULL pointer dereference issue in the `AP4 AtomSampleTable::GetSample` function to prevent remote denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** The issue is related to missing NULL checks in the AP4 AtomFactory::CreateAtomFromStream function, which can lead to a NULL pointer dereference, resulting in a segmentation fault and application crash in the AP4 Atom::SetType function. **Recommendations** For Bento4 version 1.5.0-617, consider adding NULL checks to the AP4 AtomFactory::CreateAtomFromStream function to prevent NULL pointer dereferences. As a temporary workaround, restrict the use of the AP4 AtomFactory::CreateAtomFromStream function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** The issue is caused by incorrect character data types used in the AP4 VisualSampleEntry::ReadFields function in Core/Ap4SampleEntry.cpp. This leads to a stack-based buffer underflow and out-of-bounds write, resulting in denial of service, which is an application crash, or possibly other unspecified impacts. **Recommendations** For Bento4 version 1.5.0-617, as a temporary workaround, consider disabling the AP4 VisualSampleEntry::ReadFields function until a patch is available. Restrict access to the Core/Ap4SampleEntry.cpp module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** A NULL pointer dereference was discovered in the AP4 DataAtom class, which causes a segmentation fault and application crash. This leads to a remote denial of service. **Recommendations** For Bento4 version 1.5.0-617, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** A NULL pointer dereference was discovered in the AP4 HdlrAtom class, causing a segmentation fault and application crash in AP4 StdcFileByteStream::ReadPartial, which leads to remote denial of service. **Recommendations** For Bento4 version 1.5.0-617, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** The issue arises from the AP4 HdlrAtom class in Core/Ap4HdlrAtom.cpp, which uses an incorrect character data type. This leads to a heap-based buffer over-read and application crash in the `AP4 BytesToUInt32BE` function in Core/Ap4Utils.h. **Recommendations** For Bento4 version 1.5.0-617, consider updating to a newer version that addresses this issue, as the current version uses an incorrect character data type that can cause a heap-based buffer over-read and application crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.0-617 **Description** The issue arises from improper data size validation in the AP4 AvccAtom and AP4 HvccAtom classes, resulting in a heap-based buffer over-read and application crash in the `AP4 DataBuffer::SetData` function located in Core/Ap4DataBuffer.cpp. **Recommendations** For Bento4 version 1.5.0-617, consider updating to a newer version that addresses the improper data size validation issue in the AP4 AvccAtom and AP4 HvccAtom classes to prevent heap-based buffer over-reads.

**Name of the Vulnerable Software and Affected Versions** mp4tools aacplusenc version 0.17.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory write, a SEGV on an unknown address, and an application crash, or possibly have other unspecified impacts via a crafted .wav file. This is due to a NULL pointer dereference. **Recommendations** For version 0.17.5, consider updating to a newer version that contains a fix for this issue, as using a crafted .wav file can lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** A size-validation issue was discovered in the `opj j2k write sot` function in `lib/openjp2/j2k.c`, which causes an out-of-bounds write. This may lead to a remote denial of service or possibly remote code execution due to a heap-based buffer overflow affecting the `opj write bytes LE` function in `lib/openjp2/cio.c`. **Recommendations** For OpenJPEG version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** A mishandled zero case was discovered in `opj j2k set cinema parameters` in lib/openjp2/j2k.c, causing an out-of-bounds write. This may lead to remote denial of service, specifically a heap-based buffer overflow affecting `opj write bytes LE` in lib/openjp2/cio.c and `opj j2k write sot` in lib/openjp2/j2k.c, or possibly remote code execution. **Recommendations** As a temporary workaround, consider disabling the `opj j2k set cinema parameters` function until a patch is available. Restrict access to the `opj write bytes LE` and `opj j2k write sot` functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** A heap-based buffer overflow issue was found due to an off-by-one error in the `opj tcd code block enc allocate data` function, potentially leading to remote denial of service or possibly remote code execution. The issue affects the `opj mqc flush` function in `lib/openjp2/mqc.c` and the `opj t1 encode cblk` function in `lib/openjp2/t1.c`. **Recommendations** For OpenJPEG version 2.2.0, consider updating to a newer version that contains a fix for this issue, as the current version may allow for remote denial of service or possibly remote code execution due to the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** A stack-based buffer overflow was discovered in the `pgxtoimage` function in `bin/jp2/convert.c`. This issue causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. **Recommendations** For OpenJPEG version 2.2.0, consider disabling the `pgxtoimage` function as a temporary workaround until a patch is available. Restrict access to the `convert.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** The issue is related to an invalid write access in the `bin/jp2/convert.c` file, which triggers a crash in the `tgatoimage` function. This may lead to a denial of service or possibly other unspecified impacts. **Recommendations** For OpenJPEG version 2.2.0, consider disabling the `tgatoimage` function as a temporary workaround until a patch is available. Restrict access to the `bin/jp2/convert.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** A heap-based buffer overflow was discovered in the `opj t2 encode packet` function, causing an out-of-bounds write. This may lead to remote denial of service or possibly other unspecified impact. **Recommendations** For OpenJPEG version 2.2.0, consider disabling the `opj t2 encode packet` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.2.0 **Description** The issue is related to the `bmp read info header` function, which does not properly handle headers with a zero `biBitCount`, leading to a denial of service due to memory allocation failure in the `opj image create` function. This is connected to the `opj aligned alloc n` function in `opj malloc.c`. **Recommendations** For OpenJPEG version 2.2.0, consider applying a patch or fix that properly rejects headers with a zero `biBitCount` to prevent memory allocation failures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lrzip version 0.631 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted archive. This is due to a problem in the join pthread function in stream.c in liblrzip.so. **Recommendations** For version 0.631, consider updating to a newer version that addresses this issue, as the current version is affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lrzip version 0.631 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted archive. This is due to a problem in the `read 1g` function in `stream.c` in `liblrzip.so`. **Recommendations** For lrzip version 0.631, consider updating to a newer version that contains a fix for this issue, as the current version is affected by a heap-based buffer overflow that can lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LZO version 2.08 lrzip version 0.631 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and application crash, via a crafted archive. This is due to a problem in the lzo1x decompress function. **Recommendations** For LZO version 2.08, consider updating to a newer version that addresses this issue. For lrzip version 0.631, consider updating to a newer version that incorporates a fixed version of LZO. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lrzip version 0.631 **Description** The issue allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash, via a crafted archive. This is due to a problem in the `read stream` function in `stream.c` in `liblrzip.so`. **Recommendations** For lrzip version 0.631, consider updating to a newer version that addresses this issue, as the current version is affected by a denial of service vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.