C0D3Xpl0It

**Name of the Vulnerable Software and Affected Versions** MiniUPnP ngiflib version 0.4 **Description** The issue is related to a NULL pointer dereference in the `GifIndexToTrueColor` function in `ngiflib.c`. This occurs when processing a file that lacks a palette. **Recommendations** For MiniUPnP ngiflib version 0.4, consider avoiding the use of files without a palette to prevent the NULL pointer dereference in the `GifIndexToTrueColor` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.6.3 **Description** The issue allows a NULL pointer dereference in the `Sass::Parser::parseCompoundSelector` function, located in `parser selectors.cpp`. **Recommendations** For versions prior to 3.6.3, update to version 3.6.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LibSass version 3.6.1 **Description** The issue is related to uncontrolled recursion in the `Sass::Eval::operator()` function, specifically when handling `Sass::Binary Expression` objects in the `eval.cpp` file. **Recommendations** For LibSass version 3.6.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.6.3 **Description** The issue allows a heap-based buffer over-read in the `Sass::weaveParents` function located in `ast sel weave.cpp`. **Recommendations** For versions prior to 3.6.3, update to version 3.6.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** The issue is related to a NULL pointer dereference in the `AP4 Descriptor::GetTag` function in `Core/Ap4Descriptor.h`, which is connected to the `AP4 StsdAtom::GetSampleDescription` function in `Core/Ap4StsdAtom.cpp`. This has been demonstrated using the mp4info tool. **Recommendations** For Bento4 version 1.5.1.0, consider applying a patch or fix that addresses the NULL pointer dereference issue in the `AP4 Descriptor::GetTag` function. As a temporary workaround, consider restricting access to the `AP4 Descriptor::GetTag` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** The issue is related to a NULL pointer dereference in the `AP4 DescriptorListInspector::Action` function in `Core/Ap4Descriptor.h`, which is connected to the `AP4 IodsAtom::InspectFields` function in `Core/Ap4IodsAtom.cpp`. This can be demonstrated using mp4dump. **Recommendations** For Bento4 version 1.5.1.0, consider restricting access to the `AP4 DescriptorListInspector::Action` function until a patch is available. As a temporary workaround, avoid using the `AP4 IodsAtom::InspectFields` function in `Core/Ap4IodsAtom.cpp` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1.0 **Description** The issue is related to a NULL pointer dereference in the `AP4 DescriptorListWriter::Action` function in `Core/Ap4Descriptor.h`, which is connected to the `AP4 IodsAtom::WriteFields` function in `Core/Ap4IodsAtom.cpp`. This can be demonstrated using tools like `mp4encrypt` or `mp4compact`. **Recommendations** For Bento4 version 1.5.1.0, consider avoiding the use of the `AP4 DescriptorListWriter::Action` function until a patch is available. As a temporary workaround, restrict access to the `AP4 IodsAtom::WriteFields` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libyal liblnk version 20191006 **Description** The issue is related to a heap-based buffer over-read in the `network share name offset>20` code block of `liblnk location information read data` in `liblnk location information.c`. This is a distinct problem. The vendor has disputed the description of this issue, as noted in a GitHub discussion. **Recommendations** For libyal liblnk version 20191006, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.27.2 **Description** The issue is related to a lack of validation in the Exiv2 library, specifically in the `crwimage int.cpp` module, which can lead to a crash when the `getULong` function is called from `CiffDirectory::readDirectory`. This is due to the absence of checks on the relationship between the total size and the offset and size. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Exiv2 version 0.27.2, consider applying input validation to prevent buffer overflows, or restrict access to the `crwimage int.cpp` module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libIEC61850 versions prior to 1.3.4 **Description** The issue is related to a use-after-free in the MmsServer waitReady function located in the mms/iso mms/server/mms server.c file. This can be demonstrated using the server example goose. **Recommendations** For libIEC61850 versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the MmsServer waitReady function in mms/iso mms/server/mms server.c until a patch is available.