Joonas Kuorilehto

**Name of the Vulnerable Software and Affected Versions** libvirt (affected versions not specified) **Description** The issue allows local users with storage vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name, when fine-grained Access Control Lists (ACL) are in effect. This is due to a directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage backend fs.c. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7 **Description** The issue allows remote attackers to cause a denial of service, leading to an assertion failure and device restart, via an invalid packet fragment. **Recommendations** For versions prior to 7, update to version 7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple AirPort Base Station Firmware versions prior to 7.6.4 **Description** The issue is related to the handling of incorrect frame lengths, which can be exploited by remote attackers to cause a denial of service. This can be achieved by associating with the access point and then sending a short frame, resulting in a device crash. **Recommendations** For Apple AirPort Base Station Firmware versions prior to 7.6.4, update to version 7.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.7.6-3 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, by utilizing a JPEG image with a crafted sequence of restart markers. This is related to the JPEGWarningHandler function in coders/jpeg.c. **Recommendations** For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.7.5 and earlier **Description** The issue allows remote attackers to cause a denial of service, potentially leading to memory corruption, and possibly execute arbitrary code. This is achieved through crafted offset and count values in the `ResolutionUnit` tag within the EXIF IFD0 of an image. **Recommendations** For ImageMagick versions 6.7.5 and earlier, update to a version later than 6.7.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.7.6-3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and crash, via a crafted EXIF IFD in a TIFF image. This is due to a problem in the TIFFGetEXIFProperties function in coders/tiff.c. **Recommendations** For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of TIFF images with crafted EXIF IFD to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 6.7.5 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and hang, by providing a crafted image. This image has an IFD that contains IOP tags, all of which reference the beginning of the IDF. **Recommendations** For ImageMagick versions 6.7.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 6.7.6-3 **Description** The issue allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. This occurs due to a problem in the GetEXIFProperty function in magick/property.c. **Recommendations** For versions prior to 6.7.6-3, update to version 6.7.6-3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of JPEG files with potentially malformed EXIF tags until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 3.1.25 GnuTLS versions 3.2.x prior to 3.2.15 GnuTLS versions 3.3.x prior to 3.3.4 libgnutls26 (affected versions not specified) libgnutls28 (affected versions not specified) libgnutls-openssl27 (affected versions not specified) gnutls (affected versions not specified) gnutls-utils-2.8.5 (affected versions not specified) gnutls-devel-2.8.5 (affected versions not specified) libgnutls-extra26 (affected versions not specified) libgnutls-extra-devel (affected versions not specified) libgnutlsxx28 (affected versions not specified) libgnutls-openssl-devel (affected versions not specified) gnutls-debuginfo-2.8.5 (affected versions not specified) gnutls-debugsource (affected versions not specified) libgnutlsxx28-debuginfo (affected versions not specified) libgnutls28-debuginfo (affected versions not specified) libgnutls-openssl27-debuginfo (affected versions not specified) **Description** The issue is related to a buffer overflow in the read server hello function in lib/gnutls handshake.c in GnuTLS, which allows remote servers to cause a denial of service or possibly execute arbitrary code via a long session id in a ServerHello message. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For GnuTLS versions prior to 3.1.25, update to version 3.1.25 or later. For GnuTLS versions 3.2.x prior to 3.2.15, update to version 3.2.15 or later. For GnuTLS versions 3.3.x prior to 3.3.4, update to version 3.3.4 or later. For libgnutls26, libgnutls28, libgnutls-openssl27, gnutls, gnutls-utils-2.8.5, gnutls-devel-2.8.5, libgnutls-extra26, libgnutls-extra-devel, libgnutlsxx28, libgnutls-openssl-devel, gnutls-debuginfo-2.8.5, gnutls-debugsource, libgnutlsxx28-debuginfo, libgnutls28-debuginfo, and libgnutls-openssl27-debuginfo, update to a version that is not affected by this issue, as the specific affected versions are not specified. As a temporary workaround, consider restricting access to the vulnerable function read server hello in lib/gnutls handshake.c to minimize the risk of exploitation.