Henices

**Nome do software vulnerável e versões afetadas** Versões do Vim anteriores à 9.0.2142 **Descrição** A vulnerabilidade está relacionada a um estouro de buffer baseado em pilha na função `did set langmap()` do editor de texto Vim. Esse estouro ocorre porque `did set langmap`, em `map.c`, chama `sprintf` para gravar no buffer de erros que é passado para as funções de retorno de chamada de opções. A exploração dessa vulnerabilidade pode permitir que um invasor execute código arbitrário. **Recomendações** Para versões anteriores à 9.0.2142, atualize para a versão 9.0.2142 ou posterior para resolver o problema. Como solução temporária, considere restringir o uso da função `did set langmap()` em `map.c` até que um patch seja aplicado. Além disso, tenha cuidado ao usar a função `sprintf` para gravar no buffer de erros, pois isso pode levar a um estouro de buffer baseado na pilha.

**Nome do software vulnerável e versões afetadas** Exiv2 versão 0.27.3 **Descrição** O problema está relacionado a um estouro de inteiro na função `CrwMap::encode0x1810` do Exiv2, que pode ser explorado por invasores para provocar um estouro de buffer baseado em heap, causando uma negação de serviço (DOS) por meio de metadados manipulados. Isso pode ser feito explorando remotamente a vulnerabilidade com metadados especialmente criados. **Recomendações** Para a versão 0.27.3 do Exiv2, considere desativar a função `CrwMap::encode0x1810` como uma solução temporária até que um patch esteja disponível. Restrinja o acesso a metadados criados para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões v0.27.3 e anteriores do Exiv2 **Descrição** O problema está relacionado a uma leitura fora dos limites na biblioteca Exiv2, que pode ser acionada ao gravar metadados em um arquivo de imagem manipulado. Isso poderia permitir que um invasor remoto causasse uma negação de serviço ao travar o Exiv2, caso consiga induzir a vítima a executar o Exiv2 em um arquivo de imagem manipulado. O bug é acionado com menos frequência, pois ocorre durante a gravação de metadados, uma operação menos comum do que a leitura de metadados. **Recomendações** Para as versões v0.27.3 e anteriores do Exiv2, atualize para a versão v0.27.4 para resolver o problema. Como solução alternativa temporária, considere evitar o uso da funcionalidade de gravação de metadados no Exiv2 até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.7-16 **Description** The issue is related to an infinite loop in the ReadTXTImage function of the coders/txt.c component. This allows a remote attacker to cause a denial of service, specifically CPU exhaustion, by exploiting the vulnerability with a specially crafted image file. **Recommendations** For ImageMagick version 7.0.7-16, consider disabling the ReadTXTImage function in coders/txt.c as a temporary workaround until a patch is available. Restrict access to the coders/txt.c component to minimize the risk of exploitation. Avoid using the GetImageIndexInList call with untrusted image files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-16 **Description** A denial of service issue was found in the `ReadMIFFImage` function in `coders/miff.c`, allowing attackers to cause CPU exhaustion via a crafted MIFF image file. This issue can be exploited by remote attackers using a specially crafted MIFF image, leading to a denial of service. **Recommendations** For ImageMagick version 7.0.7-16, consider disabling the `ReadMIFFImage` function in `coders/miff.c` as a temporary workaround to minimize the risk of exploitation. Restrict access to MIFF image files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-16 Q16 **Description** A denial of service issue exists due to excessive iteration in the `ReadOnePNGImage` function in `coders/png.c`, allowing remote attackers to cause a denial of service via a crafted mng image file. This can lead to a large loop in `ReadOneMNGImage`. **Recommendations** For ImageMagick version 7.0.7-16 Q16, consider disabling the `ReadOnePNGImage` function in `coders/png.c` as a temporary workaround to prevent exploitation until a patch is available. Restrict access to handling mng image files to minimize the risk of denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-12 Q16 **Description** A large loop issue was found in the ExtractPostscript function in the coders/wpg.c component, allowing attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file. The vulnerability is related to an error in the resource control mechanism, which can be exploited by a remote attacker using a specially crafted wpg image to trigger a denial of service. **Recommendations** For ImageMagick version 7.0.7-12 Q16, consider disabling the ExtractPostscript function in the coders/wpg.c component as a temporary workaround to minimize the risk of exploitation. Restrict access to the ReadWPGImage call to prevent CPU exhaustion attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-12 Q16 **Description** The issue is related to an infinite loop in the `ReadPSDChannelZip` function in `coders/psd.c`, which can be exploited by attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. This allows a remote attacker to disrupt service using a specially crafted psd image. **Recommendations** For ImageMagick version 7.0.7-12 Q16, as a temporary workaround, consider disabling the `ReadPSDChannelZip` function in `coders/psd.c` until a patch is available. Restrict access to handling psd image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.7-12 Q16 Description: A CPU exhaustion issue was found in the `ReadDDSInfo` function in `coders/dds.c`, allowing attackers to cause a denial of service. This issue is related to uncontrolled resource consumption, which can be exploited by a remote attacker to cause a service disruption. Recommendations: For ImageMagick version 7.0.7-12 Q16, consider disabling the `ReadDDSInfo` function in `coders/dds.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.1 **Description** The issue is caused by a buffer overflow in the Mediaserver service of the Android operating system. This can be exploited by a remote attacker using a specially crafted file to inject arbitrary code, potentially causing memory corruption during media file or data processing. The issue affects the libhevc library and is considered critical due to the possibility of remote code execution within the context of the Mediaserver process. **Recommendations** For Android versions 6.0 through 7.1.1, update to a version that contains a fix for this issue to prevent potential memory corruption and arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.