Behzad Najjarpour Jabbari

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in memory object handling mechanisms in the Windows GDI component, allowing an attacker to disclose protected information using a specially crafted document file. It involves out-of-bounds read information disclosure, potentially affecting system security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2019 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** The issue is related to an information disclosure vulnerability in the Windows GDI component, which improperly discloses the contents of its memory. This can be exploited by attackers to obtain sensitive information using a specially crafted document. The vulnerability is associated with errors in the mechanisms for handling objects in memory. **Recommendations** For Windows 7, consider applying configuration changes to restrict access to sensitive information until a patch is available. For Windows Server 2012 R2, restrict access to the GDI component to minimize the risk of exploitation. For Windows RT 8.1, avoid using specially crafted documents that could trigger the vulnerability. For Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HarfBuzz versions prior to 1.0.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid read of two bytes and application crash. This is due to mishandling of GPOS and GSUB tables, related to files such as `hb-ot-layout-gpos-table.hh`, `hb-ot-layout-gsub-table.hh`, and `hb-ot-layout-gsubgpos-private.hh`. **Recommendations** For HarfBuzz versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** The issue is caused by errors in handling objects in memory by the Microsoft Graphics component in Windows operating systems. This can be exploited by a remote attacker using a specially crafted application to disclose protected information. **Recommendations** For Windows 7, update to a newer version to mitigate the risk. For Windows Server 2012 R2, update to a newer version to mitigate the risk. For Windows RT 8.1, update to a newer version to mitigate the risk. For Windows Server 2008, update to a newer version to mitigate the risk. For Windows Server 2012, update to a newer version to mitigate the risk. For Windows 8.1, update to a newer version to mitigate the risk. For Windows Server 2016, update to a newer version to mitigate the risk. For Windows Server 2008 R2, update to a newer version to mitigate the risk. For Windows 10, update to a newer version to mitigate the risk. For Windows 10 Servers, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a buffer overflow operation in the Windows GDI component, which can be exploited to disclose protected information. This can be achieved through a specially crafted document or a specially formed web page. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Server 2008 Windows 7 Windows Server 2008 R2 **Description** A remote code execution issue exists in the way the Windows Graphics Device Interface (GDI) handles objects in memory. This allows remote attackers to execute arbitrary code by exploiting the vulnerability, potentially through a specially crafted web page or document. **Recommendations** For Windows Server 2008, Windows 7, and Windows Server 2008 R2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jasper versions prior to 2.0.6 **Description** An out-of-bounds heap read issue was found in the jpc pi nextpcrl() function when processing crafted input. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the jpc pi nextpcrl() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNOME Structured File Library versions prior to 1.14.41 **Description** The issue is related to an error within the `tar directory for file()` function in the gsf-infile-tar.c file, which can be exploited to trigger a Null pointer dereference, causing a crash when processing a crafted TAR file. **Recommendations** For versions prior to 1.14.41, update to version 1.14.41 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted TAR files that could trigger the Null pointer dereference in the `tar directory for file()` function until a patch is applied.