Joonun Jang

**Name of the Vulnerable Software and Affected Versions** WavPack version 5.1.0 **Description** The issue allows a remote attacker to cause a denial-of-service or possibly overwrite the heap via a maliciously crafted DSDIFF file. This is due to a heap-based buffer over-read in the ParseDsdiffHeaderConfig function of the cli/dsdiff.c file. **Recommendations** For WavPack version 5.1.0, consider avoiding the use of the ParseDsdiffHeaderConfig function until a patch is available. Restrict access to processing DSDIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: advancecomp versions prior to 2.1-2018/02 Description: An out-of-bounds heap buffer read flaw was found in the way advancecomp handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files. Recommendations: For versions prior to 2.1-2018/02, update to version 2.1-2018/02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WavPack version 5.1.0 **Description** A stack-based buffer over-read issue in the ParseRiffHeaderConfig function of the cli/riff.c file allows a remote attacker to cause a denial-of-service attack or possibly have unspecified other impact via a maliciously crafted RF64 file. **Recommendations** For WavPack version 5.1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jhead version 3.00 **Description** The issue is caused by an integer underflow bug in the `process EXIF` function of the exif.c file, which leads to a heap-based buffer over-read when processing a malicious JPEG file. This may allow a remote attacker to cause a denial-of-service attack or have unspecified other impact. **Recommendations** For jhead version 3.00, as a temporary workaround, consider disabling the `process EXIF` function until a patch is available. Restrict access to the exif.c file to minimize the risk of exploitation. Avoid using jhead to process untrusted JPEG files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xfig version 3.2.6a **Description** The issue is related to an array index error in the fig2dev program, which can be exploited by remote attackers using a maliciously crafted Fig format file. This can lead to a denial-of-service attack or information disclosure. The error is specifically related to a negative font value in dev/gentikz.c, and the read textobject functions in read.c and read1 3.c. **Recommendations** For Xfig version 3.2.6a, consider restricting the use of the fig2dev program until a patch is available, and avoid processing untrusted Fig format files to minimize the risk of exploitation.