Icepng

**Name of the Vulnerable Software and Affected Versions** PoDoFo version 0.9.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted PDF document. This is due to a problem in the `TextExtractor::ExtractText` function in TextExtractor.cpp. **Recommendations** For PoDoFo version 0.9.5, consider avoiding the use of the `TextExtractor::ExtractText` function until a patch is available. As a temporary workaround, restrict the processing of crafted PDF documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Artifex jbig2dec version 0.13 **Description** The issue is caused by an integer overflow in the `jbig2 image compose` function in `jbig2 image.c` when processing a crafted .jb2 file. This can lead to out-of-bounds writes and reads, resulting in a denial of service (application crash) or disclosure of sensitive information from process memory. **Recommendations** For Artifex jbig2dec version 0.13, consider applying a patch or fix to address the integer overflow in the `jbig2 image compose` function to prevent out-of-bounds writes and reads. As a temporary workaround, restrict the processing of untrusted .jb2 files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Artifex jbig2dec version 0.13 **Description** The issue is related to a heap-based buffer over-read that can cause a denial of service, resulting in an application crash, or potentially disclose sensitive information from process memory. This occurs due to an integer overflow in the `jbig2 decode symbol dict` function, located in `jbig2 symbol dict.c` within `libjbig2dec.a`, when the software operates on a crafted .jb2 file. **Recommendations** For Artifex jbig2dec version 0.13, consider avoiding the use of crafted .jb2 files until a patch is available. As a temporary workaround, restrict the processing of .jb2 files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.