Chijinz

**Nome do software vulnerável e versões afetadas** Versões 5.0.7 do Redis **Descrição** O problema está relacionado a uma falha de segmentação no componente redis-server do Redis, o que pode levar a um ataque de negação de serviço (DOS). Isso pode ser explorado por um invasor remoto para causar uma interrupção no serviço. O fornecedor informou que não consegue reproduzir esse problema nas versões lançadas, como a 5.0.7. **Recomendações** Para a versão 5.0.7 do Redis, considere aplicar alterações de configuração para minimizar o risco de exploração, como restringir o acesso ao componente redis-server até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** tinyexr versão 0.9.5 **Descrição** O problema está relacionado a um erro de índice de matriz no componente `tinyexr::SaveEXR` da biblioteca OpenEXR Tinyexr para processamento de imagens. Esse erro pode ser explorado por um invasor remoto para causar uma negação de serviço (DOS). **Recomendações** Para a versão 0.9.5, considere desativar o componente `tinyexr::SaveEXR` até que uma correção esteja disponível para evitar possíveis ataques de negação de serviço.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an array index error in the `tinyexr::DecodeEXRImage` component of the tinyexr library for image processing. This error can be exploited by a remote attacker to cause a denial of service. **Recommendations** For tinyexr version 0.9.5, consider disabling the `tinyexr::DecodeEXRImage` component until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an assertion failure in the DecodePixelData function within tinyexr.h. **Recommendations** For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a segmentation fault in the `wav2Decode` function. **Recommendations** For tinyexr version 0.9.5, consider avoiding the use of the `wav2Decode` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a heap-based buffer over-read in the `LoadEXRImageFromMemory` function located in `tinyexr.h`. **Recommendations** For tinyexr version 0.9.5, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an assertion failure in the ComputeChannelLayout function located in tinyexr.h. **Recommendations** For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a heap-based buffer over-read in the `tinyexr::DecodePixelData` function, located in `tinyexr.h`, and is connected to OpenEXR code. **Recommendations** For tinyexr version 0.9.5, consider avoiding the use of the `tinyexr::DecodePixelData` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a memory leak in the `ParseEXRHeaderFromMemory` function located in `tinyexr.h`. **Recommendations** For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: libjpeg version 9c Description: The issue is related to the `read pixel` function in `rdtarga.c` of the libjpeg library, which mishandles EOF, leading to a large loop. This is due to resource management errors. Exploitation of this issue may allow a remote attacker to cause a denial of service. Recommendations: For libjpeg version 9c, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.5 **Description** The issue arises from a heap-based buffer over-read in the `md is link reference definition helper` function within md4c. This occurs due to `md is link label` mishandling loop termination, leading to improper handling of data and resulting in a buffer over-read. **Recommendations** For md4c version 0.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.5 **Description** The issue is caused by a heap-based buffer over-read due to an off-by-one error in the `md is named entity contents` function. **Recommendations** For md4c version 0.2.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.5 **Description** The issue is related to a heap-based buffer overflow in the `md merge lines` function. This overflow occurs because the `md is link label` function mishandles link labels composed solely of backslash escapes. **Recommendations** For md4c version 0.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c versions prior to 0.2.5 **Description** The issue is caused by a heap-based buffer overflow in the md split simple pairing mark function, which mishandles splits. **Recommendations** For versions prior to 0.2.5, update to version 0.2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PDFGen versions prior to 2018-04-09 **Description** The issue is related to a heap-based buffer over-read in the `jpeg size` function within `pdfgen.c` in PDFGen. **Recommendations** For versions prior to 2018-04-09, update to a version released after 2018-04-09 to resolve the issue.