Jarlob

**Nome do Software Vulnerável e Versões Afetadas** NanaZip versões 5.0.1252.0 até 6.0.1697.0 **Descrição** Um problema de recursão não controlada existe no analisador de imagem de sistema de arquivos UFS/UFS2. A função `GetAllPaths()` realiza a recursão em subdiretórios sem limites de profundidade ou rastreamento de inodes visitados. Uma imagem UFS especialmente criada contendo um ciclo de inode ou uma árvore de diretórios profunda pode levar à exaustão da pilha, resultando no travamento do processo. **Recomendações** Atualizar para a versão 6.0.1698.0.

**Nome do Software Vulnerável e Versões Afetadas** NanaZip versões 5.0.1252.0 até 6.0.1697.0 **Descrição** Existe uma leitura fora dos limites baseada em pilha (stack-based out-of-bounds read) no analisador de imagem do sistema de arquivos ZealFS. Isso ocorre ao abrir uma imagem de sistema de arquivos ZealFS v1 especialmente criada, onde um campo `BitmapSize` controlado por um invasor no cabeçalho do arquivo aciona um loop ilimitado que lê além do final de uma estrutura `ZEALFS V1 HEADER` alocada na pilha. **Recomendações** Atualizar para a versão 6.0.1698.0.

**Nome do Software Vulnerável e Versões Afetadas** NanaZip versões 5.0.1252.0 até 6.0.1697.0 **Descrição** Existe uma gravação nula de um byte fora dos limites do heap (heap out-of-bounds null write) no analisador de imagem do sistema de arquivos UFS/UFS2. Isso ocorre ao abrir uma imagem de sistema de arquivos UFS especialmente preparada, permitindo que um invasor controle o deslocamento do byte da gravação dentro de uma janela de aproximadamente 254 bytes além do limite de alocação do heap. **Recomendações** Atualize para a versão 6.0.1698.0.

**Nome do Software Vulnerável e Versões Afetadas** Versões do OpenCV anteriores à 4.12.0 **Descrição** O OpenCV, uma Biblioteca de Visão Computacional de Código Aberto, apresenta uma falha em que uma variável de ponteiro não inicializada na pilha pode levar a uma escrita arbitrária em buffer na heap ao processar imagens JPEG manipuladas. **Recomendações** Atualize para a versão 4.12.0 ou posterior.

**Name of the Vulnerable Software and Affected Versions** 7-Zip versions prior to 25.0.0 **Description** 7-Zip is a file archiver with a high compression ratio. A flaw exists in the RAR5 handler where writing zeroes outside of the heap buffer can cause memory corruption and denial of service. **Recommendations** Update to version 25.0.0 or later.

**Nome do Software Vulnerável e Versões Afetadas** Versões do 7-Zip anteriores à 25.0.0 **Descrição** O 7-Zip é um compactador de arquivos que suporta a extração de Documentos Compostos. Uma desreferência de ponteiro nulo no manipulador de Compostos pode levar à negação de serviço. **Recomendações** Atualize para a versão 25.0.0 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do yt-dlp anteriores a 01/07/2024 Versões do youtube-dl anteriores a 03/07/2024 **Descrição** O problema diz respeito aos downloaders de áudio/vídeo de linha de comando `yt-dlp` e `youtube-dl`. Antes das versões corrigidas, essas ferramentas não limitavam as extensões dos arquivos baixados, o que poderia levar à criação de nomes de arquivos arbitrários na pasta de downloads e à traversal de caminho no Windows. Como o `yt-dlp` e o `youtube-dl` também leem a configuração do diretório de trabalho, isso poderia levar à execução de código arbitrário. Para mitigar isso, os usuários devem incluir `.%(ext)s` no final do modelo de saída, confiar nos sites dos quais fazem downloads e evitar baixar para locais sensíveis. **Recomendações** Para versões do `yt-dlp` anteriores a 01/07/2024, atualize para a versão 2024.07.01 ou posterior. Para versões do `youtube-dl` anteriores a 03/07/2024, atualize para uma compilação noturna marcada como 03/07/2024 ou posterior. Para usuários que não podem atualizar, mantenha o modelo de saída padrão, certifique-se de que a extensão da mídia seja comum, evite o extrator genérico e use `--ignore-config --config-location ...` para não carregar a configuração de locais comuns.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of bounds write in `f->vendor[i] = get8 packet(f);`. This is caused by an integer overflow in `setup malloc`, where a sufficiently large value in the variable `sz` overflows when added to 7, resulting in a negative value that passes the maximum available memory buffer check. This may lead to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of buffer write in the `start decoder` function. This occurs because the maximum value of `m->submaps` is 16, but the arrays `submap floor` and `submap residue` are declared with 15 elements. This can potentially lead to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to the processing of ogg vorbis files. A crafted file can cause a memory allocation failure in the `start decoder` function, leading to some pointers in `f->comment list` being left initialized. Later, `setup free` is called on these pointers in `vorbis deinit`, which may result in code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue concerns a crafted file that may trigger an out of bounds read in the `DECODE` macro when the `var` is negative. According to the definition of `DECODE RAW`, a negative `var` is a valid value. This can potentially be used to leak internal memory allocation information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to a memory allocation failure in the `start decoder` function when processing a crafted ogg vorbis file. This failure causes the function to return early, setting `f->comment list` to `NULL` but not resetting `f->comment list length`. Later, in the `vorbis deinit` function, it attempts to dereference the `NULL` pointer, potentially leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image (affected versions not specified) **Description** The issue is related to the stbi getn function in the stb image library, which reads a specified number of bytes from a context into a buffer. If the file stream points to the end, it returns zero. However, there are two places where its return value is not checked: in the `stbi hdr load` function and in the `stbi tga load` function. The latter is likely more exploitable as an attacker may also control the size of an uninitialized buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to the processing of ogg vorbis files. A crafted file can trigger an out of bounds write in `f->vendor[len] = (char)'0';`. This occurs when `len` read in `start decoder` is a negative number and memory allocation is successful, but the memory write is done with a negative index `len`. Additionally, if `len` is INT MAX, an integer overflow happens in `f->vendor = (char*)setup malloc(f, sizeof(char) * (len+1));` and `f->comment list[i] = (char*)setup malloc(f, sizeof(char) * (len+1));`. This may lead to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image (affected versions not specified) **Description** The issue is related to a crafted image file that may trigger an out of bounds memcpy read in the `stbi gif load next` function. This occurs because `two back` points to a memory address lower than the start of the buffer, potentially leading to the leak of internal memory allocation information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Notepad++ versions 8.5.6 and prior **Description** The issue is related to a global buffer read overflow in the `nsCodingStateMachine::NextStater` function. This may potentially be used to leak internal memory allocation information. The exploitability of this issue is not clear. **Recommendations** For Notepad++ versions 8.5.6 and prior, update to version 8.5.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `nsCodingStateMachine::NextStater` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Notepad++ versions 8.5.6 and prior **Description** The issue is related to a heap buffer read overflow in the `FileManager::detectLanguageFromTextBegining()` function. This may potentially be used to leak internal memory allocation information. The exploitability of this issue is not clear. **Recommendations** For versions 8.5.6 and prior, update to version 8.5.7 or later to resolve the issue. As a temporary workaround, consider disabling the `FileManager::detectLanguageFromTextBegining()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to a crafted file that may trigger an out of bounds write in `f->vendor[len] = (char)'0';`. This occurs when the length read in `start decoder` is `-1` and `len + 1` becomes 0 when passed to `setup malloc`. The `setup malloc` function behaves differently when `f->alloc.alloc buffer` is pre-allocated, shifting the pre-allocated buffer by zero and returning the currently available memory block instead of returning `NULL` as in the `malloc` case. This may lead to code execution. The vulnerability may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image (affected versions not specified) **Description** The issue is related to the stbi load gif from memory component of the stb image library, which is a single file MIT licensed library for processing images. If `stbi load gif main` fails, it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi vertical flip slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb vorbis (affected versions not specified) **Description** The issue is related to a potential integer overflow in `sizeof(char*) * (f->comment list length)` which may cause `setup malloc` to allocate less memory than required. This can lead to a memory write past an allocated heap buffer in `start decoder` when a crafted file is processed. An attacker may exploit this issue to gain access to confidential data, disrupt data integrity, and cause a denial of service. The issue may also lead to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.