Fl0 Fl0W

**Name of the Vulnerable Software and Affected Versions** Soft SaschArt SasCAM Webcam Server versions 2.6.5 and earlier, 2.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a large number of requests with a long line. This can be achieved using a long GET request. **Recommendations** For Soft SaschArt SasCAM Webcam Server versions 2.6.5 and earlier, 2.7, consider restricting access to the server to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** H264WebCam version 3.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a long URI in a GET request. This triggers a NULL pointer dereference. **Recommendations** For H264WebCam version 3.7, consider restricting the length of URIs in GET requests to prevent the denial of service. As a temporary workaround, implement input validation to limit the URI length until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VLC Media Player version 0.8.6 **Description** The issue is related to a stack-based buffer overflow that can be triggered by a crafted Advanced SubStation Alpha Subtitle (.ass) file, specifically involving the Dialogue field, potentially allowing user-assisted remote attackers to execute arbitrary code via an ogg file. **Recommendations** For version 0.8.6, update to a newer version that contains a fix for this issue to prevent potential code execution.

**Name of the Vulnerable Software and Affected Versions** EffectMatrix (E.M.) Magic Morph version 1.95b **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long string in a .mor file. **Recommendations** For EffectMatrix (E.M.) Magic Morph version 1.95b, consider avoiding the use of .mor files with long strings until a patch is available. As a temporary workaround, restrict the processing of .mor files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xilisoft Video Converter versions 3.1.53.0704n and 5.1.23.0402 **Description** The issue is a stack-based buffer overflow in the ape plugin.plg component. It can be triggered by a long string in a .cue file, potentially allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. **Recommendations** For version 3.1.53.0704n, update to a version that fixes the stack-based buffer overflow issue in ape plugin.plg. For version 5.1.23.0402, update to a version that fixes the stack-based buffer overflow issue in ape plugin.plg. As a temporary workaround, consider restricting the use of .cue files or disabling the ape plugin.plg component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ZipGenius (affected versions not specified) **Description** A stack-based buffer overflow issue exists, potentially allowing remote attackers to execute arbitrary code through a crafted .zip file that triggers an SEH overwrite. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MicroSmarts Enterprise ZipItFast! version 3.0 **Description** The issue allows remote attackers to execute arbitrary code via a crafted .zip file, triggering memory corruption due to a format string buffer overflow. **Recommendations** For MicroSmarts Enterprise ZipItFast! version 3.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trident PowerZip version 7.2 **Description** A stack-based buffer overflow issue might allow remote attackers to execute arbitrary code via a crafted .zip file. **Recommendations** For Trident PowerZip version 7.2, consider avoiding the use of crafted .zip files until a patch or fix is available. As a temporary workaround, restrict the handling of .zip files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ediSys eZip Wizard version 3.0 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a crafted .zip file. **Recommendations** For version 3.0, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TUGzip version 3.5.0.0 **Description** The issue is a stack-based buffer overflow that can be triggered by a long filename in a .zip file, potentially allowing remote attackers to cause a denial of service (crash) or execute arbitrary code. **Recommendations** For TUGzip version 3.5.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Numark CUE version 5.0 rev2 Description: The issue is a stack-based buffer overflow that can be triggered by a user-assisted attack, allowing attackers to cause a denial of service, which is an application crash, or potentially execute arbitrary code. This is achieved through an M3U playlist file containing a long absolute pathname. Recommendations: For Numark CUE version 5.0 rev2, consider avoiding the use of M3U playlist files with long absolute pathnames until a fix is available. As a temporary workaround, restrict the handling of such files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP SP3 Description: The issue allows user-assisted attackers to cause a denial of service, resulting in an application crash, by using a crafted .ZIP file. Recommendations: For Microsoft Windows XP SP3, avoid using Windows Explorer to open crafted .ZIP files until a fix is available. As a temporary workaround, consider using alternative methods to handle .ZIP files.

Name of the Vulnerable Software and Affected Versions: Total Video Player versions 1.03 and earlier Total Video Player versions 1.20 Total Video Player versions 1.30 Description: A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. Recommendations: For version 1.03 and earlier, update to a version that is not affected by this issue. For version 1.20, update to a version that is not affected by this issue. For version 1.30, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of M3U playlist files with long file names until a patch is available.