Edward-Lo

**Name of the Vulnerable Software and Affected Versions** gpmf-parser version 1.1.2 **Description** An issue was discovered in the gpmf-parser, where there is a heap-based buffer over-read in the GPMF parser.c file, specifically in the function GPMF Type. **Recommendations** For gpmf-parser version 1.1.2, consider applying a patch or fix that addresses the heap-based buffer over-read issue in the GPMF Type function, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GPAC version 0.7.1 Description: A heap-based buffer over-read issue was discovered in the urn Read function in isomedia/box code base.c. This issue is related to a buffer over-read vulnerability in the GPAC multimedia platform, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For GPAC version 0.7.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gpmf-parser version 1.1.2 **Description** A heap-based buffer over-read issue was discovered in the GPMF parser.c file, specifically in the `GPMF Validate()` function. **Recommendations** For gpmf-parser version 1.1.2, consider disabling the `GPMF Validate()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** gpmf-parser version 1.1.2 **Description** An issue was discovered in the function `GPMF Next` in GPMF parser.c, related to certain checks for `GPMF KEY END` and `nest level`, which can lead to a heap-based buffer over-read. This issue is not conditional on a `buffer size longs` check. **Recommendations** For gpmf-parser version 1.1.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** gpmf-parser version 1.1.2 **Description** An issue was discovered in the gpmf-parser, where there is a heap-based buffer over-read in the GPMF parser.c file, specifically in the function GPMF Next. This issue is related to certain checks for a positive nest level. **Recommendations** For gpmf-parser version 1.1.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** gpmf-parser version 1.1.2 **Description** An issue was discovered in the function GPMF Next, related to certain checks for `GPMF KEY END` and `nest level` (conditional on a `buffer size longs` check), which leads to a heap-based buffer over-read in GPMF parser.c. **Recommendations** For gpmf-parser version 1.1.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Miniz version 2.0.7 **Description** The issue is caused by an infinite loop in the tinfl decompress function in miniz tinfl.c. This occurs because the `sym2` and `counter` variables can both remain equal to zero. **Recommendations** For Miniz version 2.0.7, consider modifying the tinfl decompress function to prevent the infinite loop by ensuring `sym2` and `counter` are updated correctly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.6 **Description** The issue is related to a NULL pointer dereference in the `md process line` function in md4c.c. This occurs due to `ctx->current block`. **Recommendations** For md4c version 0.2.6, consider applying a patch to fix the NULL pointer dereference issue in the `md process line` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault and application crash, or possibly have other unspecified impacts via a crafted file. This is due to the `md build attribute` function in `md4c.c`. **Recommendations** For md4c version 0.2.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiniUPnP ngiflib version 0.4 **Description** The issue is related to an infinite loop in the DecodeGifImg and LoadGif functions within the ngiflib.c file of MiniUPnP ngiflib. **Recommendations** For MiniUPnP ngiflib version 0.4, consider updating to a newer version that addresses this issue, as the current version contains an infinite loop in the DecodeGifImg and LoadGif functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiniUPnP ngiflib version 0.4 **Description** The issue is related to a stack-based buffer overflow in the DecodeGifImg function of ngiflib.c. **Recommendations** For MiniUPnP ngiflib version 0.4, consider updating to a newer version that contains a fix for this issue, as using outdated software can pose significant security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiniUPnP ngiflib version 0.4 **Description** The issue is related to a heap-based buffer over-read in the GifIndexToTrueColor function of the ngiflib.c file. **Recommendations** For MiniUPnP ngiflib version 0.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MiniUPnP ngiflib version 0.4 **Description** The issue is related to a Segmentation fault in the GifIndexToTrueColor function in ngiflib.c. **Recommendations** For MiniUPnP ngiflib version 0.4, consider updating to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Liblouis version 3.5.0 Description: The issue is related to a buffer overflow on the stack in the `lou logPrint` function of the Liblouis translator. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. Recommendations: For Liblouis version 3.5.0, consider disabling the `lou logPrint` function as a temporary workaround until a patch is available. Restrict access to the logging module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LibRaw version 0.18.9 Description: An issue was discovered in the `utf2char` function in `libraw cxx.cpp`, which leads to a stack-based buffer overflow. Recommendations: For LibRaw version 0.18.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LibRaw version 0.18.9 Description: An issue was discovered affecting the X3F property table list implementation in libraw x3f.cpp and libraw cxx.cpp, resulting in an out-of-bounds read. Recommendations: For LibRaw version 0.18.9, at the moment, there is no information about a newer version that contains a fix for this issue.