Guoxiang Niu

**Name of the Vulnerable Software and Affected Versions** GPAC version 0.7.1 **Description** The issue is related to a buffer overflow in the `gf import message()` function, located in the `media import.c` file. **Recommendations** For GPAC version 0.7.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GPAC version 0.7.1 **Description** The issue is related to a buffer overflow in the `gf bin128 parse` function, located in `utils/os divers.c`, which occurs when the crypt feature encounters a crafted `drm file.xml` file. **Recommendations** For GPAC version 0.7.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** aubio versions 0.4.0 through 0.4.8 **Description** The issue is related to a buffer overflow in the `new aubio tempo` function. This buffer overflow can potentially be exploited. **Recommendations** For versions 0.4.0 through 0.4.8, consider disabling the `new aubio tempo` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aubio versions 0.4.0 through 0.4.8 **Description** The issue is related to a NULL pointer dereference in the `new aubio filterbank` function, which occurs when an invalid number of filters (`n filters`) is provided. **Recommendations** For versions 0.4.0 through 0.4.8, as a temporary workaround, consider restricting the use of the `new aubio filterbank` function with invalid `n filters` values until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 0.7.1 and earlier **Description** The issue is related to the `gf text get utf8 line` function in the GPAC multimedia platform, which allows an out-of-bounds write due to missing bounds checking for `szLineConv`. This can potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** For GPAC versions 0.7.1 and earlier, consider applying bounds checking to the `szLineConv` variable in the `gf text get utf8 line` function to prevent out-of-bounds writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qemu (affected versions not specified) **Description** The issue is related to the mode4and5 write functions in the hw/display/cirrus vga.c file of Qemu, allowing local OS guest privileged users to cause a denial of service. This can be achieved through vectors related to dst calculation, resulting in out-of-bounds write access and a Qemu process crash. The vulnerability is also described as a buffer overflow issue in the mode4and5 function of the Qemu hardware emulator, which can be exploited to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.