Frokaikan

**Nome do software vulnerável e versões afetadas** FreeType (versões afetadas não especificadas) **Descrição** O problema está relacionado a um estouro de buffer de heap por meio da função `sfnt init face`. Isso permite que um invasor remoto acesse dados confidenciais, comprometa sua integridade e cause uma negação de serviço. O problema foi identificado em um commit específico da biblioteca FreeType. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** JSON++ versions prior to 2016-06-15 **Description** The issue is related to a buffer over-read in the `yyparse()` function, located in `json.y`. **Recommendations** For JSON++ versions prior to 2016-06-15, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** wernsey/bitmap versions prior to 2018-08-18 **Description** The issue allows a NULL pointer dereference via a 4-bit image. **Recommendations** For versions prior to 2018-08-18, update to a version released after 2018-08-18 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions prior to 2018-08-22 **Description** The issue allows remote attackers to cause a denial of service via a progressive JPEG file that lacks an AC Huffman table, resulting in an FPE signal. **Recommendations** For versions prior to 2018-08-22, update to a version released after 2018-08-22 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** catimg version 2.4.0 **Description** A heap-based buffer overflow issue exists in the `stbi bmp load cont` function within `stb image.h`. **Recommendations** For catimg version 2.4.0, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict the use of the `stbi bmp load cont` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gravity versions prior to 0.5.1 **Description** The issue is related to the lack of support for a maximum recursion depth. **Recommendations** For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue.