Kky0Ho

**Name of the Vulnerable Software and Affected Versions** libopencad version 0.2.0 **Description** A heap-based buffer over-read issue exists in the ReadMCHAR function in lib/dwg/io.cpp, which can cause an application crash. **Recommendations** For libopencad version 0.2.0, consider avoiding the use of the ReadMCHAR function in lib/dwg/io.cpp until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libopencad version 0.2.0 **Description** A heap-based buffer over-read issue exists in the ReadCHAR function in lib/dwg/io.cpp, which can cause an application crash. **Recommendations** For libopencad version 0.2.0, consider avoiding the use of the ReadCHAR function in lib/dwg/io.cpp until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libpg query versions 10 through 1.0.2 **Description** A memory leak was found in the `pg query raw parse` function within `pg query parse.c`, potentially leading to a denial of service. **Recommendations** For libpg query versions 10 through 1.0.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Lizard (formerly LZ5) version 2.0 **Description** A denial of service issue was found, related to the use of an invalid memory address in the `LZ5 compress continue` function in `lz5 compress.c`, specifically with `LZ5 compress fastSmall` and `MEM read32`. This issue causes a segmentation fault and application crash. **Recommendations** For Lizard (formerly LZ5) version 2.0, consider applying a patch or fix to address the invalid memory address usage in the `LZ5 compress continue` function to prevent the segmentation fault and application crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ZZIPlib versions prior to 0.13.70 Description: The issue is related to a memory leak in the ` zzip parse root directory` function, which can lead to a denial of service attack. This is caused by a resource not being released after its valid lifetime has expired. A remote attacker can exploit this issue to cause a denial of service. Recommendations: For ZZIPlib versions prior to 0.13.70, update to version 0.13.70 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` zzip parse root directory` function in zip.c to minimize the risk of exploitation.