Gaa-Cifasis

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.3 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. This is related to the git commit message function in oid.c. **Recommendations** For versions prior to 0.24.3, update to version 0.24.3 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted object files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.3 **Description** The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, by utilizing a cat-file command with a crafted object file. This is related to the git oid nfmt function in commit.c. **Recommendations** For versions prior to 0.24.3, update to version 0.24.3 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted object files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library (aka libgd) versions prior to 2.2.3 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. This is related to the gdImageCreateFromTgaCtx function. **Recommendations** For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jq versions 1.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in stack consumption and application crash, via a crafted JSON file. This is due to a problem in the `jv dump term` function. **Recommendations** For jq version 1.5, update to version 1.6 rc1-r0 to resolve the issue.