Daniel Ahlberg

**Name of the Vulnerable Software and Affected Versions** HTTP Fetcher versions 1.0.0 through 1.0.1 **Description** The issue is related to a buffer overflow in the `http fetch` function, which can be triggered by a remote attacker sending a URL request with a long value in the `host`, `referer`, or `userAgent` fields. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code. **Recommendations** For HTTP Fetcher versions 1.0.0 and 1.0.1, consider restricting the length of the `host`, `referer`, and `userAgent` values in URL requests to prevent buffer overflow exploitation. As a temporary workaround, restrict access to the `http fetch` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: qpopper versions 4.0.x through 4.0.5fc1 Description: The issue is related to the `pop msg` function, which does not properly null terminate a message buffer after calling `Qvsnprintf`. This could potentially allow authenticated users to execute arbitrary code via a buffer overflow when using a `mdef` command with a long macro name. Recommendations: For qpopper versions 4.0.x through 4.0.5fc1, update to version 4.0.5fc2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** man versions prior to 1.5l **Description** The issue allows attackers to execute arbitrary code via a malformed man file with improper quotes. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the issue can be carried out locally. **Recommendations** For versions prior to 1.5l, update to version 1.5l or later to resolve the issue. As a temporary workaround, consider restricting access to malformed man files to minimize the risk of exploitation. Avoid using the `my xsprintf` function in the affected man package until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** vte versions 0.8.19 vte-devel versions 0.8.19 **Description** The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could enable the attacker to execute arbitrary commands, for example, when the user views a file containing the malicious sequence. Exploitation of this issue can be done remotely and may lead to a breach of confidentiality, integrity, and availability of protected information. **Recommendations** For vte version 0.8.19, consider disabling the use of character escape sequences in the terminal emulator until a patch is available. For vte-devel version 0.8.19, restrict the insertion of modified window titles back into the command line to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BladeEnc versions 0.94.2 and earlier **Description** The issue is related to an integer signedness error in the myFseek function of samplein.c for the Blade encoder. This error allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk. **Recommendations** For BladeEnc versions 0.94.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dcgui versions prior to 0.2.2 **Description** The issue allows remote attackers to read files outside the sharelist due to an unknown vulnerability in the directory parser for Direct Connect. **Recommendations** For versions prior to 0.2.2, update to version 0.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** slocate versions prior to 2.7 **Description** The issue allows local users to execute arbitrary code via a long command line argument, specifically with the (1) -c or (2) -r option. **Recommendations** For versions prior to 2.7, update to version 2.7 or later to resolve the issue.