J0Rgan

**Name of the Vulnerable Software and Affected Versions** BS.player version 2.27 build 959 **Description** The issue is caused by a buffer overflow that occurs when processing a long string in a .SRT file, allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. **Recommendations** For BS.player version 2.27 build 959, consider avoiding the use of .SRT files with long strings until a patch is available. As a temporary workaround, restrict the processing of .SRT files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** eo-video version 1.36 **Description** The issue is a stack-based buffer overflow that allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code. This is achieved through a .eop file, also known as a playlist file, which contains a ProjectElement element with a long Name element. **Recommendations** For eo-video version 1.36, update to a version that contains a fix for this issue, as using a .eop file with a long Name element in the ProjectElement can lead to arbitrary code execution or denial of service.