Glen-Maco

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.5.5 **Description** An issue was discovered in the function Sass::Prelexer::skip over scopes, which could allow an attacker to disclose information or cause a denial of service due to an out-of-bounds read of a memory region. **Recommendations** For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Sass::Prelexer::skip over scopes` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Lizard version 1.0 LZ5 version 2.0 **Description** The issue is related to an unchecked buffer size during a memcpy in the `Lizard decompress LIZv1` function, located in `lib/lizard decompress liz.h`. This allows remote attackers to cause a denial of service via a crafted input file and potentially achieve remote code execution. **Recommendations** For Lizard version 1.0, consider restricting access to the `Lizard decompress LIZv1` function until a patch is available. For LZ5 version 2.0, avoid using the vulnerable `Lizard decompress LIZv1` function in `lib/lizard decompress liz.h` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibSass versions 3.4.x through 3.5.4 **Description** A use-after-free issue exists in the handle error() function in sass context.cpp, potentially leading to a denial of service (application crash) or other unspecified impacts. **Recommendations** For LibSass versions 3.4.x through 3.5.4, consider disabling the handle error() function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jpegoptim versions 1.4.5 **Description** The issue is related to an invalid use of `realloc()` and `free()` in `jpegoptim.c`, which can be exploited by remote attackers to cause a denial of service, resulting in an application crash, or possibly have other unspecified impacts. **Recommendations** For jpegoptim version 1.4.5, update to version 1.4.6 to resolve the issue.