Enchantedjohn

**Name of the Vulnerable Software and Affected Versions** FLIF version 0.3 **Description** An issue in the image save png function in image/image-png.cpp allows attackers to trigger a longjmp, resulting in an uninitialized stack frame after a libpng error related to the IHDR image width. **Recommendations** For FLIF version 0.3, consider applying a patch or fix to the image save png function to prevent the longjmp and uninitialized stack frame issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PBC versions prior to 2017-03-02 **Description** The issue is related to a buffer over-read in the `calc hash` function within the `map.c` file of the `libpbc.a` library. **Recommendations** For versions prior to 2017-03-02, consider updating to a version released after 2017-03-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PBC versions prior to 2017-03-02 **Description** The issue is related to a Segmentation fault in the ` pbcP message default` function in `proto.c`. **Recommendations** For versions prior to 2017-03-02, update to a version released after 2017-03-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PBC versions prior to 2017-03-02 **Description** A heap-based buffer over-read issue exists in the ` pbcM ip new` function in `map.c` of the `libpbc.a` library. **Recommendations** For versions prior to 2017-03-02, consider updating to a version released after 2017-03-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PBC versions prior to 2017-03-02 **Description** The issue is related to a Segmentation fault in the ` pbcB register fields` function in `bootstrap.c`. This fault occurs in the `libpbc.a` library of PBC. **Recommendations** For versions prior to 2017-03-02, consider updating to a version released after 2017-03-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SELA (aka SimplE Lossless Audio) version 0.1.2-alpha **Description** The issue is a stack-based buffer overflow in the `init apev2 keys` function, located in the core/apev2.c file. **Recommendations** For SELA (aka SimplE Lossless Audio) version 0.1.2-alpha, consider disabling the `init apev2 keys` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jbig2enc version 0.29 **Description** The issue allows remote attackers to cause a denial of service or possibly have other impact via a crafted file. This is due to a use-after-free error in the `jbig2 add page` function in `jbig2enc.cc` in `libjbig2enc.a`. **Recommendations** For version 0.29, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free Lossless Image Format (FLIF) version 0.3 **Description** An issue in the Plane function in image/image.hpp allows remote attackers to cause a denial of service through attempted excessive memory allocation via a crafted file. **Recommendations** For Free Lossless Image Format (FLIF) version 0.3, consider avoiding the use of the Plane function in image/image.hpp until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Free Lossless Image Format (FLIF) version 0.3 **Description** An issue in the TransformPaletteC::process function allows remote attackers to cause a denial of service or possibly have other impact via a crafted file. The function, located in transform/palette C.hpp, is vulnerable to a heap-based buffer overflow. **Recommendations** For Free Lossless Image Format (FLIF) version 0.3, consider avoiding the use of the TransformPaletteC::process function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TinyXML2 version 6.2.0 **Description** The issue is related to a heap-based buffer over-read in the XMLDocument::Parse function. However, the developers of TinyXML2 have determined that the reported issue is due to improper use of the library and not a vulnerability in TinyXML2. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.